- From: Matthew Raymond <spacedog@planetquake.com>
- Date: Thu, 10 Jun 2004 23:25:26 -0400
Ian Hickson, Thu Jun 10 12:18:23 PDT 2004:
> One possibility would be for the application to be able to "request"
> WAOB status, maybe using an attribute or something:
>
>    <html application="application">
>
> ...and this would pop up a dialog box saying:
>
>  :: Security Warning :::::::::::::::::::::::::::::::::::
>  |                                                     |
>  |  The Web page at this domain:                       |
>  |                                                     |
>  |      paypcl.com                                     |
>  |                                                     |
>  |  ...wishes to launch an application in a separate  |
>  |  window. Do you trust this domain?                  |
>  |                                                     |
>  |  [x] Remember this decision.                        |
>  |                                                     |
>  |  (( Trust paypcl.com ))  ( Display as Web page )    |
>  |                                                     |
>  '-----------------------------------------------------'
>
> What do people think? Would this solve the problem?

I think you almost have it, but not quite. Web apps can already bring up windows that don't have the chrome in IE 6.0 RIGHT NOW! We don't need additional attributes to control whether or not you can deactivate chrome. What we need are new guidelines for how popup-blocking technologies should deal with chrome deactivation.

Here's the general idea: Instead of having the above dialog example triggered by a new "application" attribute, we simply detect whenever Javascript tries to create a window with no chrome, or when a web application contains Javascript that removes the chrome from its own window. This approach allows makers of popup-blocking software (which will soon include Microsoft) to control these kinds of applications without having to support new markup.

In a nutshell: Forget the markup and concentrate on making "popup blocking" a more integral part of the browser security model.

Received on Thursday, 10 June 2004 20:25:26 UTC
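
The check proposed in the message above (flag a script-created window that drops browser chrome, then consult a remembered per-domain decision), as an added JavaScript example that is not part of the original post. The function names, the action labels and the simplified feature-string rules are assumptions for illustration; it models only the window-creation case, not a page removing chrome from its own window.

```javascript
// Added illustration of a popup-blocker policy hook. All names here
// (CHROME_FEATURES, removedChrome, decideWindowOpen) are hypothetical.
const CHROME_FEATURES = ["toolbar", "location", "menubar", "status"];

// Simplified model of a legacy window.open() feature string:
// comma-separated name[=value]; "yes", "1" or a bare name means "on".
function parseFeatures(features) {
  const listed = new Map();
  for (const part of String(features || "").split(",")) {
    const [rawName, rawValue] = part.split("=");
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    const value = rawValue === undefined ? "yes" : rawValue.trim().toLowerCase();
    listed.set(name, value === "yes" || value === "1");
  }
  return listed;
}

// Returns the chrome elements the requested window would lack.
// Assumed legacy rule: once any feature is listed, every chrome feature
// that is not explicitly switched on is off, so a request that only
// sets a size still produces a chromeless window.
function removedChrome(features) {
  const listed = parseFeatures(features);
  if (listed.size === 0) return []; // empty string: default window, full chrome
  return CHROME_FEATURES.filter((name) => listed.get(name) !== true);
}

// decisions: Map of domain -> "trust" | "webpage", standing in for the
// "Remember this decision" checkbox in the quoted dialog.
function decideWindowOpen(domain, features, decisions) {
  const removed = removedChrome(features);
  if (removed.length === 0) return { action: "allow", removed };
  const remembered = decisions.get(domain);
  if (remembered === "trust") return { action: "allow-chromeless", removed };
  if (remembered === "webpage") return { action: "force-chrome", removed };
  return { action: "prompt", removed }; // show the security warning
}
```

A request such as `width=400,height=300` is reported as removing all four chrome elements under this model, which is why the policy keys on the resulting window rather than on an explicit `toolbar=no`.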