W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [widgets] Making config.xml mandatory

From: Arve Bersvendsen <arveb@opera.com>
Date: Tue, 10 Mar 2009 10:52:14 +0100
To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <op.uqklpbodbyn2jm@galactica>
On Mon, 09 Mar 2009 14:12:38 +0100, Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net> wrote:

> Which different security privileges does a widget have in comparison to  
> any other content? Doesn't it depend on a security policy that we do not  
> define in the W3C?

While this is not yet defined by the W3C or other organizations, pre-existing implementations do indeed have different privileges:

1. Commonly, widget runtimes may ignore the same-origin policy that browsers have used
2. Some legacy implementations essentially have shell access, and bundle a set of Gnu (or gnu-like) tools
3. Filesystem access
4. Extended device API work is ongoing, such as OMTP's initiative
Arve Bersvendsen

Developer, Opera Software ASA, http://www.opera.com/
Received on Tuesday, 10 March 2009 09:52:58 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:14 UTC