W3C home > Mailing lists > Public > www-dom@w3.org > July to September 2011

Re: Valid auto-invocation events

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 07 Sep 2011 04:20:13 +0200
To: Robin Berjon <robin@berjon.com>
Cc: www-dom@w3.org, public-device-apis@w3.org
Message-ID: <cpjd679adt7bsmbejd9ujep708ggau8utq@hive.bjoern.hoehrmann.de>
* Robin Berjon wrote:
>in working on the Contacts API[0], DAP has described a security model in
>which opening up a contacts picker (which is similar in idea to a file
>picker, but — you guessed if — for contacts rather than files) can be
>triggered only by code that traces back to a genuine user action. The
>idea is that this would be similar to the way in which window.open() or
><input type=file>.click() are handled so as to prevent abuse but not
>require an ugly control.

And what is the problem you are trying to solve, exactly? Do you think
there will be disputes where someone presents a plausible scenario and
some people will say "this was a genuine user action meant to bring up
the picker" and many others will plausibly claim it wasn't? UI design
does not seem to allow for this kind of dispute. If you tell the code
monkeys how to implement this exactly, you would quite inevitably do
cause such a dispute, in a worse form, because behavior that does not
correspond to user expectations would be backed by a specifcation, and
people would talk about that instead of using common sense.

You don't need a centralised definition for this either, if you feel
the above sufficiently conveys the your ideas, on the contrary, if the
idea is "make this like this file upload thing", everybody will under-
stand that much better than when you start referencing "dblclick". And
if that is not what you mean, then you failed to convey your ideas to
my humble self, in which case "dblclick" doesn't do you any good either.
User intent is between the user and the user interface, you can't get
below that from a lower level specification that relies on the UI, it
would be a layering violation.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Wednesday, 7 September 2011 02:20:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 22 June 2012 06:14:08 GMT