W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] Installed Apps

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Tue, 28 Jul 2009 07:23:19 -0400
Message-ID: <7c2a12e20907280423p4ee7afffhaea860034fcc656a@mail.gmail.com>
On Tue, Jul 28, 2009 at 3:02 AM, Jonas Sicking<jonas at sicking.cc> wrote:
> Google Chrome (and I think other browsers) allow pages to be
> "installed" as web applications which run in a separate window. It
> would be interesting to look at the UI for that feature. However
> installApp allows something even more powerful than that, since it
> allows a hidden page that the user can't easily simply close, and so
> should probably have an even more restrictive UI.

I'm not sure what "an even more restrictive UI" means.  I don't think
"lots of scary warnings" is a good approach here.  (Or elsewhere, but
that's a separate issue.)  Better to do something like:

"https://mail.google.com/ would like to continue running a background
page permanently after you browse away.  This might make the site
faster if you use it a lot, but could use up your computer's
resources.  Would you like to allow this?  You can disable it later
from the Add-Ons menu."

Then try to think of some obvious forms of disruptive behavior, like
using too much CPU, and have some appropriately-calibrated
notification if that happens asking the user if he'd like to disable
the page.  Conceivably a background page could misbehave enough that
the user can't easily close it.  But this is already true for normal
pages, and those can already be persistent if the user has session
restore enabled and the tab somehow freezes or crashes the browser so
the user can't close it.  Browsers should be able to provide UI to
handle this (and do, for normal pages, if they provide session
restore).

There's not really a whole lot that a malicious or incompetent
persistent page could do to the user's computer.  At worst, it could
interfere with the browser.  I guess the botnet concern is justified,
though (for use in DDoS or something).  Not sure how to avoid that.
Received on Tuesday, 28 July 2009 04:23:19 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC