- From: David Levin <levin@google.com>
- Date: Thu, 30 Jul 2009 11:11:10 -0700
On Thu, Jul 30, 2009 at 10:18 AM, Michael Davidson <mpd at google.com> wrote: > On Tue, Jul 28, 2009 at 10:58 PM, Maciej Stachowiak<mjs at apple.com> wrote: > > > > Here's some security risks I've thought about, for persistent workers and > > persistent background pages: > > > > <great list of risks> > > Thanks for the list, Maciej. However, Firefox extensions today have > all of the same problems. Do you consider the permission UI in Firefox > insufficient? Given Safari's extension model, I'm going to guess the > answer is yes. The fact that FF has extensions, however, at least > shows that one browser vendor believes that sufficient permission UI > exists. Maciej said this at the end of original email. "I do think offering a feature like this in the context of an application or extension style install experience might be acceptable - specifically an experience that is explicitly initiated by the user with multiple affirmative steps. But web features are not usually designed around such an expectation, usually this is the hallmark of a proprietary platform, at times also including central vetting and revocation capabilities." Does that answer your question? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090730/54b14654/attachment.htm>
Received on Thursday, 30 July 2009 11:11:10 UTC