W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widget] Security model

From: timeless <timeless@gmail.com>
Date: Sun, 24 May 2009 08:25:40 +0300
Message-ID: <26b395e60905232225l14695473id03d3990e78013c7@mail.gmail.com>
To: marcosc@opera.com
Cc: public-webapps <public-webapps@w3.org>
On Tue, May 19, 2009 at 12:18 PM, Marcos Caceres <marcosc@opera.com> wrote:
> 1. If no <access> element is used, the application type (e.g., HTML,
> Flash, whatever) is responsible for providing the security
> context/rules under which the widget runs. For HTML this means that a
> widget runs as if you had dragged a HTML file from your hard-drive
> into the Web browser.

this part is scary. since historically that meant a web page with full
file system access even though this wasn't usually what users wanted,
expected, or understood.

(it's true that browsers are evolving to a different model, but...)
Received on Sunday, 24 May 2009 05:26:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC