Re: [widgets] Public keys in widgets URI scheme?

On Wed, May 27, 2009 at 1:58 PM, Arve Bersvendsen <arveb@opera.com> wrote:
> 1. A widget is simply a packaging for any application, and may use any
> technology a widget user agent supports, so in that sense, a widget that
> supports HTML5 should support anything in widget transparently and without
> workaround.  This implies that widgets with underlying support would support
> HTML5 localStorage

Great.

> 2. The Widgets APIs and events uses the same storage interface as HTML5
> localStorage for storing preferences, and as such it is stored (although in
> this case, the storage is not origin-bound, like in HTML5.

What does it mean for the storage to not be origin-bound?  How do you
isolate storage between different widgets?  That sounds like a recipe
for security vulnerabilities and just plain buggy software.

> Note that "random per-instance origin" here would normally imply that the
> instance is created exactly once, on installation, instead of a new instance
> for every invocation, so a widget should keep the origin across invocations.

But not across updates?

Adam

Received on Wednesday, 27 May 2009 21:10:03 UTC