- From: Marcos Cáceres <notifications@github.com>
- Date: Mon, 08 Jun 2020 17:38:50 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 9 June 2020 00:39:09 UTC
@marcoscaceres commented on this pull request.
> + </h3>
+ <p>
+ It's conceivable that any <a>ShortcutItem.url</a> could be crafted to
+ indicate that the application was launched from outside the browser
+ (e.g., <code>"url": "/task/?from=homescreen"</code>).
+ This can be useful for analytics and possibly other customizations.
+ However, it is also conceivable that developers could encode
+ strings into the <a>ShortcutItem.url</a> that uniquely identify the
+ user (e.g., a server assigned <abbr>UUID</abbr>). This is
+ fingerprinting/privacy sensitive information that the user might not
+ be aware of.
+ </p>
+ <p>
+ Given the above, it is RECOMMENDED that, upon installation, or any
+ time thereafter, a user agent allows the user to inspect and, if
+ necessary, modify the <a>url</a> of a <a>ShortcutItem</a>.
```suggestion
necessary, modify the {{ShortcutItem/url}} of a {{ShortcutItem}}.
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/896#pullrequestreview-426712807
Received on Tuesday, 9 June 2020 00:39:09 UTC