Re: Comments/questions on Web Notifications Last Call WD

On Mon, Oct 14, 2013 at 10:03 PM, <Frederick.Hirsch@nokia.com> wrote:
> This feedback refers to http://www.w3.org/TR/2013/WD-notifications-20130912/

I used your feedback to improve http://notifications.spec.whatwg.org/


> (1) How will this notification API work with devices that are touch-based? Specifically, is onclick appropriate in those cases?

Yes. "click" is the web platform's name for "activate". I added a
section that defines activating a notification.


> (2) Is there more to be said on security and privacy? Section 2.1 "Security" states:
>
> Is there any opportunity for attacks using notification data, such as the icon URL, body or tag? Are there restrictions on the body content, could it contain executed JavaScript? Are there assumptions about the notification mechanism being sandboxed? Is there any risk with sharing URLs in notification bodies?

The body is just text.


> (3) It would help to clarify which specific terminology from DOM, HTML, IDL and URL is used (in Section 3), so it is clear when specific meanings are intended.

The specific terms are cross-referenced (across specifications)
throughout the draft.


> The terminology "pending" and "active notification" should also be defined in this section. (Pending means queued, active means has been displayed to the user?)

No, the terminology section is generally used for high-level terms.
Not for terms specific to the feature. Those are defined inline.


> (4) Section 4, the model should state the assumptions and constraints. For example, the document assumes that there is only one outstanding notification per origin/tag combination, and that a new notification replaces an earlier one.
> This is an important aspect of the model that should be included in a summary at the start of section 4.

It's not entirely clear to me yet what the exact constraints are. Need
some more implementation experience first.


> (5) In section 4.2, what happens when the language is unknown? Clarifying text would be helpful.

Nothing happens whether known or unknown. It's just information for
the notifications layer.


> (6) Are there any best practices/experiences related to tags that should be noted? (though the example provides some information on the intent)

Also seems like it would require more experience first.


-- 
http://annevankesteren.nl/

Received on Tuesday, 29 October 2013 15:21:37 UTC