- From: Jean-Claude Dufourd <jean-claude.dufourd@telecom-paristech.fr>
- Date: Tue, 12 Jun 2012 13:09:21 +0200
- To: "public-web-intents@w3.org" <public-web-intents@w3.org>
Received on Tuesday, 12 June 2012 11:10:56 UTC
Dear all, In section 4.1, the first paragraph is: When handling an Intent marked as explicit (that is, constructed with the object literal constructor with a non-empty*service*field), the expected User Agent behavior is that if this "service" attribute is present, it/should not/display a service selection mechanism to the user. Instead, the service url/should/be loaded directly to handle the intent. (This is not a hard restriction. The User Agent/may/provide a way for the user to intercept even an explicit invocation.) This is a security risk. Why is security more relaxed here than in the previous section ? Why does " The User Agent/must not/deliver an intent to a Service discovered in this way before the user has made a specific action allowing it." not apply here too ? Best regards JC -- JC Dufourd Directeur d'Etudes/Professor Groupe Multimedia/Multimedia Group Traitement du Signal et Images/Signal and Image Processing Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144
Received on Tuesday, 12 June 2012 11:10:56 UTC