- From: Robin Berjon <robin@berjon.com>
- Date: Mon, 25 Jun 2012 10:51:51 -0700
- To: "Carr, Wayne" <wayne.carr@intel.com>
- Cc: W3C SysApps <public-sysapps@w3.org>
On Jun 25, 2012, at 10:23 , Carr, Wayne wrote: >> For instance, the ability to load remote scripts into a secure context creates >> interesting security issues. Should it be disabled, or should developers who rely on >> that for trusted apps just be made to dress up as Barney the Dinosaur for the >> following three months? If remote scripts are verboten, should the same be done >> to images? > > It would seem odd that standalone apps that are the html5 equivalent of "native" apps wouldn't even be able to do the equivalent of what a Web page can do. There can be the same kind of policy as CSP to set where resources can come from, set at install time. I don't want to argue either side at this point, but I think it is useful to take a step back and think about how you might want to frame this. If you think of it as removing features then it may indeed seem strange; but if you think of it as removing cruft (to pick a word that keeps this list family-friendly) such as Adam's synchronous XHR examples then it might seem like progress. But again, that decision isn't to be made now — at this point I just encourage you all to take the time to think about the issue (and of course discuss it here to your hearts' content). -- Robin Berjon - http://berjon.com/ - @robinberjon
Received on Monday, 25 June 2012 17:52:18 UTC