- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 12 Nov 2015 19:33:15 -0800
- To: Jeffrey Yasskin <jyasskin@google.com>
- Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Jake Archibald <jakearchibald@google.com>, WebAppSec WG <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On 12 November 2015 at 18:31, Jeffrey Yasskin <jyasskin@google.com> wrote: > Showing "https://foo.com/, https://bar.com/, and https://baz.com/ want > to upload data" when you arrive at a new network could be > non-interrupty enough Honestly, I think that we've failed if we have to pull out the security analogue of Deus Ex Machina in any situation here. There is no such thing as non-interrupty in any situation other than those where there is an *expectation* for the question. That's not saying that you couldn't build the hooks that would allow a user to control this, we should do that. Or that we shouldn't provide some way of ensuring that the site remain accountable to the user in some way. To that end, some visible indication that background activity is ongoing is a fine idea. But anything that involves modal user interaction is right out in my opinion.
Received on Friday, 13 November 2015 03:33:42 UTC