[whatwg] Proposed additions to ClientInformation interface

Ian Hickson ian at hixie.ch
Wed Feb 11 21:23:09 PST 2009


On Sat, 17 Jan 2009, Mark Finkle wrote:
> On Mon, Jul 21, 2008 at 10:10 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Mon, 7 Jul 2008, Mark Finkle wrote:
> > >
> > > The only reason I can see for such an API is to get the user's 
> > > permission to use features that _may_ be a bit of a security risk to 
> > > normal webapps. Clipboard, dock badging, local file drag-n-drop, 
> > > even offline cache are some examples.
> >
> > Clipboard, drag and drop, and offline caching are all available to all 
> > applications in HTML5, since the APIs are intended to be designed in a 
> > way that doesn't expose the user to risk that requires user 
> > permission.
> 
> Then why would a button be needed to "activate" standalone mode? What is 
> the actual webapp doing differently? Shouldn't the webapp be acting the 
> exact same? Sounds like it's the UA that would act differently.

In "standalone" mode, a Web application can pretend to be a Web browser, 
tricking the user into thinking they are visiting a site they are not in 
fact visiting, and thus executing a remarkably authentic-looking phishing 
attack. That is why it needs an explicit opt-in.


> > Dock badging could be equally made available safely, IMHO. The main 
> > reason I haven't made dock badging available so far is that it doesn't 
> > really make sense for most environments -- in fact as far as I know 
> > only Mac OS X has this feature.
> 
> Great to know. Prism has code that allows <menu> and <command> elements 
> to be used to add menuitems to the Dock (Trayicon on Windows) menu as 
> well. We could even support something like <menu type="icon">...</menu> 
> for this too. Ignored by UAs that don't support it.

Yes, this is one of the things I'm interested in exploring once <menu> and 
<command> (as specified today) are implemented. (Another is introducing a 
command="" attribute to make it possible to define command state once 
and have UI widgets reflect that state automatically.)


> I am suggesting that an explicit "push to make a standalone app" button 
> isn't needed. Any webapp is already able to run standalone. _If_ there 
> is some reason, for security or code privilege, that an explicit action 
> or confirmation is needed on the part of the user, such confirmation 
> should be enforced at the point of execution, when the user attempts to 
> do something that might be dangerous.

It's unclear how that would work. Confirmations in general are known to 
not work, for instance (users click through anything).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list