[whatwg] Proposed additions to ClientInformation interface
Ian Hickson
ian at hixie.ch
Wed Feb 11 21:23:09 PST 2009

On Sat, 17 Jan 2009, Mark Finkle wrote:
> On Mon, Jul 21, 2008 at 10:10 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Mon, 7 Jul 2008, Mark Finkle wrote:
> > >
> > > The only reason I can see for such an API is to get the user's
> > > permission to use features that _may_ be a bit of a security risk to
> > > normal webapps. Clipboard, dock badging, local file drag-n-drop,
> > > even offline cache are some examples.
> >
> > Clipboard, drag and drop, and offline caching are all available to all
> > applications in HTML5, since the APIs are intended to be designed in a
> > way that doesn't expose the user to risk that requires user
> > permission.
>
> Then why would a button be needed to "activate" standalone mode? What is
> the actual webapp doing differently? Shouldn't the webapp be acting the
> exact same? Sounds like it's the UA that would act differently.

In "standalone" mode, a Web application can pretend to be a Web browser,
tricking the user into thinking they are visiting a site they are not in
fact visiting, and thus executing a remarkably authentic-looking phishing
attack. That is why it needs an explicit opt-in.

> > Dock badging could be equally made available safely, IMHO. The main
> > reason I haven't made dock badging available so far is that it doesn't
> > really make sense for most environments -- in fact as far as I know
> > only Mac OS X has this feature.
>
> Great to know. Prism has code that allows <menu> and <command> elements
> to be used to add menuitems to the Dock (Trayicon on Windows) menu as
> well. We could even support something like <menu type="icon">...</menu>
> for this too. Ignored by UAs that don't support it.

Yes, this is one of the things I'm interested in exploring once <menu> and
<command> (as specified today) are implemented. (Another is introducing a
command="" attribute to make it possible to define command state once
and have UI widgets reflect that state automatically.)

> I am suggesting that an explicit "push to make a standalone app" button
> isn't needed. Any webapp is already able to run standalone. _If_ there
> is some reason, for security or code privilege, that an explicit action
> or confirmation is needed on the part of the user, such confirmation
> should be enforced at the point of execution, when the user attempts to
> do something that might be dangerous.

It's unclear how that would work. Confirmations in general are known to
not work, for instance (users click through anything).

--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'