<br><br><div class="gmail_quote">On Tue, Aug 4, 2009 at 10:47 AM, Jeremy Orlow <span dir="ltr"><<a href="mailto:jorlow@chromium.org">jorlow@chromium.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div class="im"><br></div></div><div class="gmail_quote"><div>Which use case is this related to? If the shared worker is creating UI elements for the page, then composing HTML and sicking it into a div's .innerHTML is actually (sadly) the fastest way to go at the moment. Besides that, I can't think of why you'd have some huge tree of information for the gmail use case.</div>
</div></blockquote><div><br></div><div>OK, imagine your inbox. It contains a set of emails organized into "threads", with various attributes and tags associated with them. Imagine your contacts, which has a set of individual contact entities, with chat status information updated dynamically, as well as group information for subsets of those contacts.</div>
<div><br></div><div>I mean, look at the internals of any modern web app - they have data structures of a similar complexity to traditional apps. They aren't just conduits for HTML.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="gmail_quote"><div></div><div class="im">
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div></div></blockquote><div>Yeah, I'm somewhat leery of the "canned RSS-feed"-style solution to notifications (our vision for notifications is that they are scriptable and more interactive than just a dumb text + icon).</div>
</div></div></blockquote><div><br></div></div><div>What if the notification could have embedded links? If you make them too powerful, you'll definitely see spam/ads/phishing/etc showing up in them.</div><div></div></div>
</blockquote><div><br></div><div>For spam/ads,I think the problem is identical whether the ad is static or not static - the user has to enable notifications from some source, and when something shows up the user needs to have a way to block it if it's inappropriate.</div>
<div><br></div><div>Agreed that scripting potentially enables some phishing exploits, depending on how the user is able to interact with the notification. If the notification can popup and say "Your gmail credentials have expired - please enter them here:" and allow you to type into the notification, then that's a potential phishing exploit. But a scriptable notification with restricted user interaction (i.e. no keyboard input allowed) would seem to be no more phish-able than a static notification.</div>
<div> </div><div>-atw</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="gmail_quote"><div>
</div></div>
</blockquote></div><br>