- From: Evan Stade <notifications@github.com>
- Date: Wed, 19 Jan 2022 08:07:44 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/pull/1005/review/857020913@github.com>
@evanstade commented on this pull request. > + <p> + A user agent MAY prevent registered file handlers from registering + as the 'default' file handler for a given type if the operating + system allows. + </p> + </section> + <section> + <h3> + Privacy consideration: Default [=file handler=]. + </h3> + <p> + Depending on the operating system capabilities, the [=manifest/file + handler=] could become a 'default' handler (e.g. handling launches + of a given file type automatically) of a given [=file type=] + without the explicit knowledge of the user. To protect against + possible mis-use, user agents MAY require explicit user consent to In general, triggering this API requires user action at the OS level, e.g. `file browser > file > context menu > open with > app`. There's a similar amount of user interaction as with `<input type="file">`. If a user agent is careful about how it presents the app in OS level surfaces and depending on details of the OS (such as whether it might silently make a new app the default handler for a file type) then this added confirmation step is arguably not necessary. That said, the current plan for Chromium **is** to show this extra user consent step. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/pull/1005#discussion_r787906753 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/pull/1005/review/857020913@github.com>
Received on Wednesday, 19 January 2022 16:07:56 UTC