[whatwg] Installed Apps

Aryeh Gregor Simetrical+w3c at gmail.com
Tue Jul 28 04:23:19 PDT 2009


On Tue, Jul 28, 2009 at 3:02 AM, Jonas Sicking<jonas at sicking.cc> wrote:
> Google Chrome (and I think other browsers) allow pages to be
> "installed" as web applications which run in a separate window. It
> would be interesting to look at the UI for that feature. However
> installApp allows something even more powerful than that, since it
> allows a hidden page that the user can't easily simply close, and so
> should probably have an even more restrictive UI.

I'm not sure what "an even more restrictive UI" means.  I don't think
"lots of scary warnings" is a good approach here.  (Or elsewhere, but
that's a separate issue.)  Better to do something like:

"https://mail.google.com/ would like to continue running a background
page permanently after you browse away.  This might make the site
faster if you use it a lot, but could use up your computer's
resources.  Would you like to allow this?  You can disable it later
from the Add-Ons menu."

Then try to think of some obvious forms of disruptive behavior, like
using too much CPU, and have some appropriately-calibrated
notification if that happens asking the user if he'd like to disable
the page.  Conceivably a background page could misbehave enough that
the user can't easily close it.  But this is already true for normal
pages, and those can already be persistent if the user has session
restore enabled and the tab somehow freezes or crashes the browser so
the user can't close it.  Browsers should be able to provide UI to
handle this (and do, for normal pages, if they provide session
restore).

There's not really a whole lot that a malicious or incompetent
persistent page could do to the user's computer.  At worst, it could
interfere with the browser.  I guess the botnet concern is justified,
though (for use in DDoS or something).  Not sure how to avoid that.



More information about the whatwg mailing list