W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2015

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 1 Apr 2015 20:47:11 +0200
Message-ID: <CA+c2ei-Y_dVj6vQh45i4kLJszQO33Q8-AR6KyTt045HPA5ZM1A@mail.gmail.com>
To: Domenic Denicola <d@domenic.me>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, "public-webapps@w3.org" <public-webapps@w3.org>
On Wed, Apr 1, 2015 at 7:03 PM, Domenic Denicola <d@domenic.me> wrote:
> From: Boris Zbarsky [mailto:bzbarsky@mit.edu]
>
>> This particular example sets of alarm bells for me because of virtual hosting.
>
> Eek! Yeah, OK, I think it's best I refrain from trying to come up with specific examples. Let's forget I said anything...
>
>> As in, this seems like precisely the sort of thing that one browser might
>> experiment with, another consider an XSS security bug, and then we have
>> content that depends on a particular browser, no?
>
> My argument is that it's not materially different from existing permissions APIs.

I think it is.

In cases like geolocation or notifications, the people writing the
spec, and the people implementing the spec, were able to envision a
reasonable permissions UI.

For the TCP/UDPSocket APIs, no one, to my knowledge, has been able to
describe a reasonable UI.

Basically the spec contains a big "magic happens here" section. That's
always bad in a spec. For example, it'd be bad if the CSS spec said
"figure out column sizes would make the table look good". The fact
that we're talking about permissions doesn't make magic any more ok.

Magic is different from leaving UI details up to the browser.

/ Jonas
Received on Wednesday, 1 April 2015 18:48:08 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:31 UTC