[manifest] Privacy Review: how to handle navigation to a fullscreen'd application? (#402)

It is actually more of a security issue than a privacy issue. If a user has an application installed and the UA wants them to use it instead of the regular browser experience when clicking on a link, it might be very easy for that application to spoof the user and make them believe they are on another website.

The specification should at least mention that issue and provide some guidance. Maybe show the origin in that case? Always allow the user to find the URL bar?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/402

Received on Tuesday, 25 August 2015 09:30:05 UTC