W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Public keys in widgets URI scheme?

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 27 May 2009 14:09:11 -0700
Message-ID: <7789133a0905271409i2020ddbbqb37b312450ad05b7@mail.gmail.com>
To: Arve Bersvendsen <arveb@opera.com>
Cc: Thomas Roessler <tlr@w3.org>, Henri Sivonen <hsivonen@iki.fi>, public-webapps <public-webapps@w3.org>
On Wed, May 27, 2009 at 1:58 PM, Arve Bersvendsen <arveb@opera.com> wrote:
> 1. A widget is simply a packaging for any application, and may use any
> technology a widget user agent supports, so in that sense, a widget that
> supports HTML5 should support anything in widget transparently and without
> workaround.  This implies that widgets with underlying support would support
> HTML5 localStorage


> 2. The Widgets APIs and events uses the same storage interface as HTML5
> localStorage for storing preferences, and as such it is stored (although in
> this case, the storage is not origin-bound, like in HTML5.

What does it mean for the storage to not be origin-bound?  How do you
isolate storage between different widgets?  That sounds like a recipe
for security vulnerabilities and just plain buggy software.

> Note that "random per-instance origin" here would normally imply that the
> instance is created exactly once, on installation, instead of a new instance
> for every invocation, so a widget should keep the origin across invocations.

But not across updates?

Received on Wednesday, 27 May 2009 21:10:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC