- From: Carr, Wayne <wayne.carr@intel.com>
- Date: Tue, 26 Jun 2012 19:40:09 +0000
- To: Robin Berjon <robin@berjon.com>
- CC: W3C SysApps <public-sysapps@w3.org>
There's a difference between removing cruft and removing features altogether, like no webworkers at all or no downloadable images. >-----Original Message----- >From: Robin Berjon [mailto:robin@berjon.com] >Sent: Monday, June 25, 2012 10:52 AM >To: Carr, Wayne >Cc: W3C SysApps >Subject: Re: capability restrictions in the runtime strawman > >On Jun 25, 2012, at 10:23 , Carr, Wayne wrote: >>> For instance, the ability to load remote scripts into a secure >>> context creates interesting security issues. Should it be disabled, >>> or should developers who rely on that for trusted apps just be made >>> to dress up as Barney the Dinosaur for the following three months? If >>> remote scripts are verboten, should the same be done to images? >> >> It would seem odd that standalone apps that are the html5 equivalent of >"native" apps wouldn't even be able to do the equivalent of what a Web page can >do. There can be the same kind of policy as CSP to set where resources can come >from, set at install time. > >I don't want to argue either side at this point, but I think it is useful to take a step >back and think about how you might want to frame this. If you think of it as >removing features then it may indeed seem strange; but if you think of it as >removing cruft (to pick a word that keeps this list family-friendly) such as Adam's >synchronous XHR examples then it might seem like progress. > >But again, that decision isn't to be made now — at this point I just encourage you >all to take the time to think about the issue (and of course discuss it here to your >hearts' content). > >-- >Robin Berjon - http://berjon.com/ - @robinberjon >
Received on Tuesday, 26 June 2012 19:40:43 UTC