[whatwg] Suggestion for a Specification: XUL Basic from Jose Dinuncio on 2004-06-10 (public-whatwg-archive@w3.org from June 2004)

From: Jose Dinuncio <jdinunci@uc.edu.ve>
Date: Thu, 10 Jun 2004 16:38:35 -0400
Message-ID: <1086899915.2206.1565.camel@skade.uc.edu.ve>

El jue, 10-06-2004 a las 15:18, Ian Hickson escribi?:
> [...]
> >> Presentational markup is very bad for accessibility. Whatever language
> >> you use, you would want it to be semantic. And luckily we have this
> >> semantic language right here and already supported in several
> >> browsers... HTML. :-)
> 
> > Ok. But if web apps outside the browser are to be implemented, it would
> > be necessary a way to attach info to the window (again, menu bar,
> > control bar, status bar, close button...)
> 
> Yeah, those would just be extensions to HTML in web-apps 1.0.
> 
> 

Wonderful!


> >> No but it will tell you whether the application is from www.paypal.com
> >> or hostile.intranet.example.com, even if the actual content looks
> >> identical in both.
> >
> > Security by browser chrome doesn't seem the way to go.
> 
> How would you do it then?

My way to handle it would be not to handle it at all, at least, not in
any of the specs of WHAT. That's a work for PKI, server, browser and
user policies and other specs. A server can choose display a predefined
greeting over SSL for each user, a browser can choose to display a red
sidebar with the url of origin for each WAOB it opens. A user can choose
to allow only WAOB for certain sites, etc.


> > I'm trying to keep open a path to WAOB. I think this feature can play an
> > important role in the future of this project.
> 
> I agree.
> 
> One possibility would be for the application to be able to "request" WAOB
> status, maybe using an attribute or something:
> 
>    <html application="application">
> 
> ...and this would pop up a dialog box saying:
> 
>    :: Security Warning :::::::::::::::::::::::::::::::::::
>    |                                                     |
>    | The Web page at this domain:                        |
>    |                                                     |
>    |    paypcl.com                                       |
>    |                                                     |
>    | ...wishes to launch an application in a separate    |
>    | window. Do you trust this domain?                   |
>    |                                                     |
>    | [x] Remember this decision.                         |
>    |                                                     |
>    |     (( Trust paypcl.com ))  ( Display as Web page ) |
>    |                                                     |
>    '-----------------------------------------------------'
> 
> What do people think? Would this solve the problem?

Again, wonderful!
I totally agree.

-- 
Jose Dinuncio <jdinunci at uc.edu.ve>
Universidad de Carabobo

Received on Thursday, 10 June 2004 13:38:35 UTC