W3C home > Mailing lists > Public > public-sysapps@w3.org > June 2012

RE: capability restrictions in the runtime strawman

From: Carr, Wayne <wayne.carr@intel.com>
Date: Tue, 26 Jun 2012 19:40:09 +0000
To: Robin Berjon <robin@berjon.com>
CC: W3C SysApps <public-sysapps@w3.org>
Message-ID: <52F8A45B68FD784E8E4FEE4DA9C6E52A3FBC91DE@ORSMSX101.amr.corp.intel.com>
There's a difference between removing cruft and removing features altogether, like no webworkers at all or no downloadable images.

>-----Original Message-----
>From: Robin Berjon [mailto:robin@berjon.com]
>Sent: Monday, June 25, 2012 10:52 AM
>To: Carr, Wayne
>Cc: W3C SysApps
>Subject: Re: capability restrictions in the runtime strawman
>On Jun 25, 2012, at 10:23 , Carr, Wayne wrote:
>>> For instance, the ability to load remote scripts into a secure
>>> context creates interesting security issues. Should it be disabled,
>>> or should developers who rely on that for trusted apps just be made
>>> to dress up as Barney the Dinosaur for the following three months? If
>>> remote scripts are verboten, should the same be done to images?
>> It would seem odd that standalone apps that are the html5 equivalent of
>"native" apps wouldn't even be able to do the equivalent of what a Web page can
>do.  There can be the same kind of policy as CSP to set where resources can come
>from, set at install time.
>I don't want to argue either side at this point, but I think it is useful to take a step
>back and think about how you might want to frame this. If you think of it as
>removing features then it may indeed seem strange; but if you think of it as
>removing cruft (to pick a word that keeps this list family-friendly) such as Adam's
>synchronous XHR examples then it might seem like progress.
>But again, that decision isn't to be made now — at this point I just encourage you
>all to take the time to think about the issue (and of course discuss it here to your
>hearts' content).
>Robin Berjon - http://berjon.com/ - @robinberjon

Received on Tuesday, 26 June 2012 19:40:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:36:09 UTC