- From: Marcos Cáceres <notifications@github.com>
- Date: Wed, 16 Feb 2022 00:22:45 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/pull/1011/review/884116368@github.com>
@marcoscaceres commented on this pull request.
> + User agents SHOULD be careful about performing update to manifest
+ fields like app name and icons. Users should be fully aware if
+ such fields are to be be updated to avoid web applications being
+ installed and silently changed to appear as a different one.
+ </p>
```suggestion
For the purpose of updating, the following member are
<dfn>security-sensitive members</dfn>, as they are presented during
installation and on launch surfaces:
</p>
<ol>
<li>[=manifest/short_name=],
</li>
<li>[=manifest/icons=]
</li>
<li>[=manifest/name=],
</li>
</ol>
<p data-cite="permissions">
User agents SHOULD NOT automatically apply changes to
[=security-sensitive members=] without [=express permission=] from
the user.
</p>
<p>
Instead, user agents SHOULD present changes to [=security-sensitive
members=] with appropriate management options, so the user can make
an informed decision about updating the web application.
</p>
<p>
The user agent MAY automatically apply the changes if the update
does not contain changes to [=security-sensitive members=].
</p>
<aside class="note" title=
"A user agent won't not apply a partial update">
<p>
For example, the user agent could present options to the user:
</p>
<ol>
<li>Accept the update
</li>
<li>Uninstall the web app, or
</li>
<li>Report the website as abusive/spam.
</li>
</ol>
</aside>
```
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1011#pullrequestreview-884116368
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/manifest/pull/1011/review/884116368@github.com>
Received on Wednesday, 16 February 2022 08:22:57 UTC