- From: Ming, Bai <bai.ming@intel.com>
- Date: Mon, 22 Apr 2013 13:41:18 +0800
- To: Mounir Lamouri <mounir@lamouri.fr>
- CC: public-sysapps@w3.org
On 04/19/2013 09:29 PM, Mounir Lamouri wrote: > > launch() and uninstall() live in the Application object because you want > to uninstall or launch a specific application, so you can get the > application then call the method. The specs currently say that you > should fire an error if the caller isn't allowed to do the action but > the not allowed part isn't specified, the reason is that it isn't only > related to a permission and most of the time, if you can access an > application object, you should probably be able to launch or uninstall > it. The ways being that you are a store that installed the application > or you are the application itself. Yes, agreed, so looks like it's better to have 'hide()' and 'exit()' also checked, otherwise any application can terminate or hide another application. Regarding the 'launch()' call, I've got two concerns: Should we be thinking about adding a parameter for it? What about multiple application instance? Or is it possible for the application itself to control how much instance exists? What I'm thinking right now is to check whether the application is already launched by enumerate Application.state in the 'onlaunch()' callback. BTW, should the 'not allowed' part be defined in the spec? I mean, to pop up a window informing user or to maintain a black/white list by runtime ,etc.. > > Regarding install(), it is on purpose living in ApplicationRegistry > instead of ApplicationManagement because we want any website to be able > to install() its own application and any website being able to behave > like a store. Yes, but the 'getInstalled()' function isn't checked, by which a malicious application can footprint a user. Thanks!
Received on Monday, 22 April 2013 05:40:03 UTC