[whatwg] [Whatwg] Wish from WeBMartians on 2007-07-31 (public-whatwg-archive@w3.org from July 2007)

From: WeBMartians <webmartians@verizon.net>
Date: Tue, 31 Jul 2007 18:35:59 -0400
Message-ID: <002101c7d3c3$2d25bd80$640a0a0a@pirate>

Wasn't this what, originally in "LiveScript," the <server> (versus <script>) tag was for?

There have been off-shoots of the <server> tag for purposes of ensuring security. For example, <server> tags can run if and only if
the source of the HTML or JS is the browser's machine- thereby implementing a kind of host facility on the client side. To apply
such code to the machine, a user must download the HTML/JS explicitly. After that, it may run unhindered, even updating itself.

Adding the requirement that the browser must have a white-list with the URL for the original download (and maybe, even, any updates)
would help alleviate some of the security concerns. Nonetheless, this could evolve into an enormous "hole" especially with naive
users.

-----Original Message-----
From: whatwg-bounces@lists.whatwg.org [mailto:whatwg-bounces@lists.whatwg.org] On Behalf Of Bert Altenburg
Sent: Tuesday, 2007 July 31 12:01
To: whatwg at lists.whatwg.org
Subject: [Whatwg] Wish




I'm the owner of a SME company that has a big web application in use, which is under continuing development. It has been designed
for us, but we hope to set it free in the future. The web app allows my company to be paperless and virtual (i.e., my employees
don't have to come to an office). I have the following wishes for browsers/HTML 5.

  I'd like to see browsers to be able to run in two modes, a first one for regular web-sites and a special second one for web-
applications. In the second mode an extended set of (JS) commands and HTML tags is available compared to the first mode. For the
second mode there are commands that allow certain actions outside the sand box (like writing documents to disk), that currently
limit web apps to behave more like conventional apps. For reasons of security, the browser will run in second mode only for URLs
selected by the user in the preference window.

So, you may have multiple web-pages on your screen, some in first mode (web-sites) and others in second mode (permitted web-apps).
The windows could have a visual clue for the user to know about the mode.  
For the convenience of developers, all JS commands and HTML tags that belong to the extended set could have a standard prefix like
EX- or
RU- (extended/restricted use).

Bert

Received on Tuesday, 31 July 2007 15:35:59 UTC