- From: Charles Pritchard <chuck@jumis.com>
- Date: Thu, 05 Apr 2012 15:25:27 -0700
- To: Greg Billock <gbillock@google.com>
- CC: WebIntents <public-web-intents@w3.org>
On 4/5/2012 3:10 PM, Greg Billock wrote: > The expected User Agent behavior is that if this "service" attribute > is present, the picker SHOULD NOT be displayed (although the User > Agent is not prohibited from providing the user a way to reroute such > calls, even though they are marked explicit). Instead, the service url > SHOULD be loaded directly to handle the intent. > > The User Agent MAY ask the user if they wish to install this service, > just like for any other visit of the page, but SHOULD NOT do so > automatically. > > -------------- > Another question: I'd pondered putting "MUST NOT" instead of "SHOULD > NOT" in the last sentence about automatic installation. I'm worried > that this might be a super-cookie, so I think it is probably a bad > idea, but on the other hand, I don't want to restrict user agents too > much, as automatic installation may be a really good UI strategy. All Intents may encounter this issue: an Intent may open up a webpage that contains additional intent registrations. Explicit intents are not necessarily "installed"; they're just kept around while the caller is active. We ought to distance "installation" from explicit invocation. What's the concern about super-cookie exploits? Explicit invocation seems like it'd just rely on applicationCache for speed. It's possible that a UA will prompt a user when launching an Intent anyway: UAs like FF have prompted users to accept applicationCache and/or local storage. -Charles
Received on Thursday, 5 April 2012 22:25:51 UTC