[whatwg] Security risks of persistent background content (Re: Installed Apps)

On Thu, Jul 30, 2009 at 10:15 AM, Tab Atkins Jr. <jackalmage at gmail.com>wrote:

> On Wed, Jul 29, 2009 at 5:05 PM, Robert O'Callahan<robert at ocallahan.org>
> wrote:
> > What happened to my idea for browsers to have a special window containing
> > tabs for "background apps", which save screen real estate by just showing
> an
> > icon and title (and a URL or domain?) and no actual tab content? You
> might
> > modify the UI so that quitting the normal browser leaves this window
> open,
> > possibly as a separate OS app. Seems to me that this would provide almost
> > exactly the desired functionality but without introducing new security
> > concerns and without requiring a trust decision.
>
> I think I didn't understand what you were talking about the first time
> through!
>
> How does inter-tab (inter-process) communication work here, then?
> Except for the persistence issue, we already have specced methods for
> handling this sort of thing, and it seems like it would be best to
> solve any communication/manipulation issues there first, then tack on
> something to help persist things.


Separate issue. I'm just addressing the persistence needs here.
Communication between tabs in the same domain is easier to solve, it doesn't
bring up any new security issues.

Also: would these pages be regenerated automatically when the browser
> is reopened?
>

Up to the browser, but sure, if you quit the app holding the background tabs
and then relaunch it, it's fine to reopen those tabs. It's just like the
session management that browsers already offer.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090730/5b0982ae/attachment.htm>

Received on Wednesday, 29 July 2009 15:51:02 UTC