- From: Marcos Caceres <marcosc@opera.com>
- Date: Sun, 24 May 2009 13:18:18 +0200
- To: timeless@gmail.com
- CC: public-webapps <public-webapps@w3.org>
On 5/24/09 7:25 AM, timeless wrote: > On Tue, May 19, 2009 at 12:18 PM, Marcos Caceres<marcosc@opera.com> wrote: >> 1. If no<access> element is used, the application type (e.g., HTML, >> Flash, whatever) is responsible for providing the security >> context/rules under which the widget runs. For HTML this means that a >> widget runs as if you had dragged a HTML file from your hard-drive >> into the Web browser. > > this part is scary. since historically that meant a web page with full > file system access even though this wasn't usually what users wanted, > expected, or understood. Of course, that is not what I meant. > (it's true that browsers are evolving to a different model, but...) I should have made myself more clear. I meant that the widget would behave as if it had been dragged from the hard-drive with respect to access to HTTP resources via inline content. The model I am proposing is dependent on the widget:// URI scheme and the assumption that widget:// acts a mounted drive for the widget. Access to the file system would be forbidden. No way was I intending to imply otherwise.
Received on Sunday, 24 May 2009 11:19:00 UTC