[whatwg] Proposal for a debugging information API

Ian Hickson ian at hixie.ch
Fri Nov 16 16:04:00 PST 2012


On Fri, 16 Nov 2012, David Barrett-Kahn wrote:
>
> Thanks Ian. So here's what confuses me, why is the bar so much higher 
> for traditional webapps than it is for browser extensions, chrome apps, 
> native apps, mobile apps or nearly anything else?

Browser extensions, chrome apps, native apps, and mobile apps aren't 
anywhere near as secure as Web apps.

The bar shouldn't be any lower for them than for the Web, but that it is 
is one of the Web's biggest strengths. You can, by and large, follow any 
random link, and be assured that you're not going to get scammed (modulo 
security bugs). If you just install any random native program you come 
across, your machine is going to become a nest of malware.


> Extensions, chrome apps, and mobile apps have a consent experience, but 
> it's hard to argue that users are making an informed decision there and 
> that the consent experience really protects them. Native apps have no 
> consent experience at all.

Right. Compare the average amount of malware on a Windows machine to that 
on a Chrome OS machine. :-)


> I guess I'm hoping you can point me to some guidelines you've developed 
> or which you agree with on where the limits of the web sandbox should 
> be.  I'd rather not force you to re-have a discussion I'm sure you've 
> had far too many times :-)

I don't think there's anything formally written down.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


