W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] AppCache and SharedWorkers?

From: Drew Wilson <atwilson@google.com>
Date: Thu, 26 Mar 2009 14:16:27 -0700
Message-ID: <f965ae410903261416n172de734v59110759d5760d4b@mail.gmail.com>
On Thu, Mar 26, 2009 at 1:19 PM, Alexey Proskuryakov <ap at webkit.org> wrote:

>
> But I was looking at this in terms of a model for users, not any specific
> security threats - if we think of persistent workers as an equivalent of
> native applications that need installation, then we should consider that
> native applications don't usually update themselves without user consent.
>

It seems like a common model is for offline-enabled applications to store
their javascript in the ApplicationCache, and encourage users to create
desktop links to access those apps even when offline. Should these
applications (which for all intents are "installed") also prompt users
before updating? Are you suggesting that user agents may want to require
explicit user permission when any application invokes
ApplicationCache.update()? That might be a reasonable approach if a given
user agent wants to enforce some kind of "no silent update" policy...

-atw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090326/d721a586/attachment.htm>
Received on Thursday, 26 March 2009 14:16:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT