- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Tue, 28 Jul 2009 07:23:19 -0400
On Tue, Jul 28, 2009 at 3:02 AM, Jonas Sicking<jonas at sicking.cc> wrote: > Google Chrome (and I think other browsers) allow pages to be > "installed" as web applications which run in a separate window. It > would be interesting to look at the UI for that feature. However > installApp allows something even more powerful than that, since it > allows a hidden page that the user can't easily simply close, and so > should probably have an even more restrictive UI. I'm not sure what "an even more restrictive UI" means. I don't think "lots of scary warnings" is a good approach here. (Or elsewhere, but that's a separate issue.) Better to do something like: "https://mail.google.com/ would like to continue running a background page permanently after you browse away. This might make the site faster if you use it a lot, but could use up your computer's resources. Would you like to allow this? You can disable it later from the Add-Ons menu." Then try to think of some obvious forms of disruptive behavior, like using too much CPU, and have some appropriately-calibrated notification if that happens asking the user if he'd like to disable the page. Conceivably a background page could misbehave enough that the user can't easily close it. But this is already true for normal pages, and those can already be persistent if the user has session restore enabled and the tab somehow freezes or crashes the browser so the user can't close it. Browsers should be able to provide UI to handle this (and do, for normal pages, if they provide session restore). There's not really a whole lot that a malicious or incompetent persistent page could do to the user's computer. At worst, it could interfere with the browser. I guess the botnet concern is justified, though (for use in DDoS or something). Not sure how to avoid that.
Received on Tuesday, 28 July 2009 04:23:19 UTC