- From: timeless <timeless@gmail.com>
- Date: Sun, 24 May 2009 08:25:40 +0300
- To: marcosc@opera.com
- Cc: public-webapps <public-webapps@w3.org>
On Tue, May 19, 2009 at 12:18 PM, Marcos Caceres <marcosc@opera.com> wrote: > 1. If no <access> element is used, the application type (e.g., HTML, > Flash, whatever) is responsible for providing the security > context/rules under which the widget runs. For HTML this means that a > widget runs as if you had dragged a HTML file from your hard-drive > into the Web browser. this part is scary. since historically that meant a web page with full file system access even though this wasn't usually what users wanted, expected, or understood. (it's true that browsers are evolving to a different model, but...)
Received on Sunday, 24 May 2009 05:26:20 UTC