Comments/questions on Web Notifications Last Call WD

I have some personal comments/questions on the Web Notifications Last Call WD, offered as Last Call feedback.  

This feedback refers to http://www.w3.org/TR/2013/WD-notifications-20130912/

General

(1) How will this notification API work with devices that are touch-based? Specifically, is onclick appropriate in those cases? How will this specification relate to the Touch Events Recommendation?

http://www.w3.org/TR/2013/REC-touch-events-20131010/

(2) Is there more to be said on security and privacy? Section 2.1 "Security" states:

"Notifications should only be presented when the user has indicated they are desired; without this they could create a negative experience for the user."

Is there any opportunity for attacks using notification data, such as the icon URL, body or tag? Are there restrictions on the body content; could it contain executed JavaScript? Are there assumptions about the notification mechanism being sandboxed? Is there any risk with sharing URLs in notification bodies?

(3) It would help to clarify which specific terminology from DOM, HTML, IDL and URL is used (in Section 3), so it is clear when specific meanings are intended.

The terminology "pending" and "active notification" should also be defined in this section. (Pending means queued, active means has been displayed to the user?)

(4) In Section 4, the model should state the assumptions and constraints. For example, the document assumes that there is only one outstanding notification per origin/tag combination, and that a new notification replaces an earlier one. This is an important aspect of the model that should be included in a summary at the start of section 4.

(5) In section 4.2, what happens when the language is unknown? Clarifying text would be helpful.

(6) Are there any best practices/experiences related to tags that should be noted? (though the example provides some information on the intent)

regards, Frederick

Frederick Hirsch
Nokia

Received on Monday, 14 October 2013 21:05:46 UTC