[whatwg] Installed Apps
atwilson at google.com
Tue Jul 28 10:19:26 PDT 2009
To clarify - I said that *persistent workers* could restrict x-domain
network access. I didn't mean to imply that you could apply this same
reasoning to hidden pages - I haven't thought about hidden pages enough to
comment about the implications of that, since as you mention there are many
more network access methods for hidden pages.
You do have a good point, though, and that is that if hidden pages *or*
persistent workers need to be able to display UI to the user (for example,
to prompt the user to enter their gmail credentials when they first start up
their computer), it has some implications for popup spam.
On Tue, Jul 28, 2009 at 10:09 AM, Aryeh Gregor
<Simetrical+w3c at gmail.com<Simetrical%2Bw3c at gmail.com>
> On Tue, Jul 28, 2009 at 1:01 PM, Drew Wilson<atwilson at google.com> wrote:
> > I've been kicking around some ideas in this area. One thing you could do
> > with persistent workers is restrict network access to the domain of that
> > worker if you were concerned about botnets.
> How would that work for background pages, though? It couldn't include
> any files from other domains in any form (image, script, style, etc.)?
> But it could still spawn a regular tab and load whatever it wanted in
> that. Have it spawn a popunder window, say, quickly open a bunch of
> things from foreign sites, and close it before the user notices
> anything more than a sudden odd flicker. Or whatever. Workers, if I
> understand right (I haven't read the spec . . .), can't do things like
> open new tabs, but it's been explicitly stated that these background
> pages should be able to do just that.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg