- From: L. David Baron <dbaron@dbaron.org>
- Date: Mon, 21 Nov 2005 16:10:49 -0800
- To: public-webapi@w3.org
- Message-ID: <20051122001049.GA31954@ridley.dbaron.org>
On Monday 2005-11-21 07:44 -0800, Kenny wrote:
> I have to agree with Sylvain, that I think users would evolve as web
> application do and the need for that back button might become
> unnecessary. Of course in the mean time there should be something to
> help the who still want to use the back button, but as fast as Ajax is
> growing, users may evolve before new technology can be implemented.
I disagree here: link navigation is fundamental to the Web, and I don't
think the back and forward buttons will or should become obsolete.
> My big concern with both document.save and pushState is security. The
> pushState method has a recommendation for security, "It is suggested
> that to avoid letting a page "hijack" the history navigation
> facilities of a UA by abusing pushState(), the UA provide the user
> with a way to jump back to the previous page (rather than just going
> back to the previous state).", but if this is not implemented,
> malicious developers could take control of the users navigation.
I think a better solution than extra user interface is a solution like
what popup blocking uses: pushState (like window.open these days)
should only be allowed while handling a user event like a click or a
keypress that expresses the user's choice to navigate to a different
state (like navigating to a different page).
-David
--
L. David Baron <URL: http://dbaron.org/ >
Technical Lead, Layout & CSS, Mozilla Corporation
Received on Tuesday, 22 November 2005 00:11:00 UTC