- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 11 May 2009 14:59:07 +0200
- To: ivan.demarino@orange-ftgroup.com
- CC: arveb@opera.com, public-webapps@w3.org
On 5/11/09 1:43 PM, ivan.demarino@orange-ftgroup.com wrote: > Forgive my ignorance, but... "spoofing attack"? O_o > I guess Arve means click jacking. > I'll explain the scenario I have in mind: > - Widget calls the API "requestModeChange(<string representing a desired > mode>);" > - WUA checks if that mode is valid (the string is valid) and if the WUA > "likes" the mode (there could be WUA that supports only "fullscreen", > for example) > - WUA does a "modechange" on the Widget would it not be easier to just set the widget.viewMode property? If it works, then the mode changes, onModeChange is fired. If it fails, nothing happens (or an error is thrown): function changeMode(aMode){ widget.viewMode = aMode; } widget.onModeChange = function(){ ... } changeMode("banana"); //nothing happens changeMode("mini"); //nothing happens What might be useful is an event object that tells you what the window mode changed from to... maybe. > Where exactly you think there could be a "confused UI" or a "spoofing"? I guess a floating widget that mimics another application, or a full screen widget that emulates a locked screen asking you to enter your username and password. > > > --- > Ivan De Marino > Orange Labs > Mobile and Web Software Engineer, R&D UK > tel. +44 20 8849 5806 > mob. +44 7515 955 861 > mob. +44 7974 156 216 > ivan.demarino@orange-ftgroup.com > > > This e-mail, and any files transmitted with it, is intended only for the > use of the person/s or entity to whom it is addressed. If you are not > the intended recipient (or authorised to receive information for the > intended recipient) you must not use, disclose, copy, print or rely on > this e-mail. If an addressing or transmission error has misdirected this > e-mail, please notify the author by replying to this e-mail and delete > all copies of this e-mail. Thank you. > > France Telecom R&D UK Ltd is a company registered in England and Wales > with company number 4193379. Our registered office is Minerva House, > Montague Close, London, SE1 9BB. > > -----Original Message----- > From: Arve Bersvendsen [mailto:arveb@opera.com] > Sent: 11 May 2009 12:25 > To: DE MARINO Ivan RD-ILAB-LON; marcosc@opera.com > Cc: public-webapps@w3.org > Subject: Re: [widgets] window modes in P&C, was Re: Small question > aboutlatestversion of "P&C specs" (11th Mar 2009) > > On Mon, 11 May 2009 13:14:40 +0200,<ivan.demarino@orange-ftgroup.com> > wrote: > >> About the "widget requesting a resize", I sent in the past an email to > >> Arve about something similar but not quite the same: a sort of >> "request mode change" or something. This would allow widgets to ASK >> the WUA for "mode change". >> Any news about that? > > As I've noted in the past, I don't really think this is a good idea, as > the distinction between "floating" and "application" (or whatever we do > with this in the end), will result in a confusing UI at best. At worst, > we could end with UI spoofing attacks. > > -- > Arve Bersvendsen > > Opera Software ASA, http://www.opera.com/
Received on Monday, 11 May 2009 12:59:51 UTC