Re: Proposal for incorporating explicit intent invocation into the object literal constructor from Greg Billock on 2012-04-11 (public-web-intents@w3.org from April 2012)

From: Greg Billock <gbillock@google.com>
Date: Wed, 11 Apr 2012 12:17:10 -0700
To: Charles Pritchard <chuck@jumis.com>, Robin Berjon <robin@berjon.com>
Cc: WebIntents <public-web-intents@w3.org>
Message-ID: <CAAxVY9ej9RJbhMZMqGbGjKZZdRd9wi1Fk5JAjcFiQLawTLTmgA@mail.gmail.com>

On Tue, Apr 10, 2012 at 6:38 PM, Charles Pritchard <chuck@jumis.com> wrote:
>
>
> On 4/10/2012 6:23 PM, Greg Billock wrote:
>>
>> Submitted a new version of the spec with mercurial, incorporating
>> these changes, the object literal, and some other syntactic
>> adjustments suggested by Josh and Ian Hickson.
>>
>> I've left the existing Intent constructor in for now, as it didn't
>> sound like we had enough discussion to remove it. Any other opinions?
>>
>> -Greg
>>
>
> You've got some conversion errors:
>
> 3.1.1. <> have been over-serialized.
> 3.2.1. the link to postmsg was not converted into html.

Thanks. Fixed.

(Summoning Robin: the escaping is a bug in respec, it looks like.
There's a different escaping level on the IDL text as in the following
attributes section)

>
> ...
>
> I've got a new concern with event de-registration.
> This may be a non-issue; something similar comes up with Application Cache.
>
> What happens when a hotel WiFi or other untrusted AP decides to do content
> injection,
> possibly redirecting the target page to a "Sign in or pay me now!" webpage,
> or other redirect/404 error?

Good question. If there's an MITM on the page, the browser may believe
it is seeing a deregistration, because the tag isn't present. That's a
difficult case (especially when some proxies MITM SSL!). I don't know
that we can solve it in the spec -- it's a generic problem with the
network environment that browsers have to be able to cope with. That's
why I've tried to leave virtually all of these pieces of functionality
except those related to actual API function as SHOULD/MAY.

> Again, it may be a non-issue... I'm starting to think that Application Cache
> will only ever work [well] on "https" sites.
> Seems more and more like https is going to have to be standard fare for
> tightly integrated web services.

Hallelujah, but even there, there are SSL MITM proxies. ( >:-{} )

>
> Congratulations on getting this spec through; looks like we all gained an
> extras dictionary and transferables. I like that.
> I'm happy having two invocation mechanisms (dictionary and arguments), but I
> won't push back hard if we lose one.
> I like having both.
>
> -Charles
>

Received on Wednesday, 11 April 2012 19:17:42 UTC