[whatwg] Proposal to extend registerProtocolHandler
mpd at google.com
Tue Jul 5 14:04:37 PDT 2011
On Tue, Jul 5, 2011 at 2:00 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 7/5/11 4:48 PM, Michael Davidson wrote:
>> Granting permission, yes. But just asking for permission?
> If the asking for permission can happen in a context in which the user
> can't tell what's being asked for, it's a really bad idea...
Can you clarify what you mean? Requiring an in-page click doesn't mean that
the user understands either. Malicious pages can just lie in the text. Seems
like it's up to UAs to make sure users understand, and requiring an in-page
click won't help that.
> I say it's less annoying because (in Chrome, anyway), the infobar that
>> asks for permission to be granted isn't modal, and the user can continue
>> with her work.
> This is the one reason that permission requests don't have that higher bar
> yet, yes.
Sadly, they do for desktop notifications. Fortunately, they do not for rPH.
> The UA should make it as clear as possible what the consequences are of
>> granting persistent permissions
> That's really difficult if the site asks for a bunch of permissions in a
I'm all in favor of UAs throttling or doing whatever needs to be done in
order to help the user make educated decisions. I don't believe that
requiring an in-page click will help users at all.
More information about the whatwg