[whatwg] whatwg Digest, Vol 82, Issue 10

Seth Brown learc83 at gmail.com
Tue Jan 4 13:59:38 PST 2011


When you download and run a program you are placing the same level of
trust in a website (unless it the program is also distributed by an
additional trusted site and you can verify the one you have is the
same) as you would when allowing them to access one of your devices.

Therefore, device element access should require the same level of
confirmation as installing a downloaded program.

That being said. Granting access to a particular script instead of an
entire site sounds like a reasonable security requirement to me. As
does using a hash to verify that the script you granted permission to
hasn't changed.

-Seth


More information about the whatwg mailing list