Re: [manifest] Must manifests be same-origin? (#360)

Sort of. It's less about a page being tampered with, and more about potential use cases where a page might not be involved in the installation process at all.

For example, if a web app were to be submitted to the Windows Store or the Firefox Marketplace by its manifest URL alone (without reference to any page), an application context could be created using that manifest without worrying that the content at its start_url is being used as an app against the author's will!

Currently the spec makes these assurances by assuming that an app will be installed from a page of the app itself and checks the start_url is same origin with that page; this alternative approach works even if a page isn't involved.

I think it could be left down to vendors whether to show an error or handle the navigation with a regular browsing context (i.e. open it in a browser tab).

The only question is whether those use cases are considered in scope for the spec or not.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/360#issuecomment-93988819

Received on Friday, 17 April 2015 13:44:58 UTC
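
The two checks contrasted in the message above, as an added example that is not part of the original email or the spec text: `start_url` compared against the installing page's origin, or against the manifest URL's origin when no page is involved. The names `sameOrigin` and `decideLaunch`, the result labels, and the `example` hosts are hypothetical; resolving a relative `start_url` against the manifest URL is an assumption of this sketch.

```javascript
// Added illustration. Function names, result labels and hosts are hypothetical.

// True only for two tuple origins that agree on scheme, host and port.
function sameOrigin(a, b) {
  // Opaque origins (e.g. data: URLs) serialize as "null" and must never match.
  return a.origin !== "null" && a.origin === b.origin;
}

// documentUrl === null models installation from a manifest URL alone
// (a store submission); otherwise start_url is checked against the page.
// onMismatch is the vendor's choice described above: "error" or "browser-tab".
function decideLaunch(manifestUrl, startUrl, documentUrl = null, onMismatch = "browser-tab") {
  let manifest, start, anchor;
  try {
    manifest = new URL(manifestUrl);
    // Assumption: a relative start_url is resolved against the manifest URL.
    start = new URL(startUrl, manifest);
    anchor = documentUrl === null ? manifest : new URL(documentUrl);
  } catch (err) {
    return { action: "error", reason: "unparseable URL" };
  }
  const policy = documentUrl === null ? "manifest-origin" : "document-origin";
  if (sameOrigin(start, anchor)) {
    return { action: "application-context", policy, start: start.href };
  }
  // Cross-origin start_url: never gets an application context.
  return { action: onMismatch, policy, start: start.href, reason: "start_url is cross-origin" };
}

// Constructed sample inputs.
const samples = [
  ["https://app.example/manifest.json", "/index.html"],
  ["https://cdn.example/manifest.json", "https://app.example/"],
  ["https://cdn.example/manifest.json", "https://app.example/", "https://app.example/page"],
];
for (const args of samples) {
  console.log(args.join(" | "), "->", decideLaunch(...args).action);
}
```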