- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Thu, 29 Sep 2011 17:46:06 +0200
- To: public-widgets-pag@w3.org
Web Archive, 27th of April, 2006 http://web.archive.org/web/20060419021533/http://widgets.yahoo.com/gallery/dl_item.php?item=WidgetEngineReference_3.1.1.pdf "IMPORTANT: In version 3.1 and later, you must specify the exact Yahoo! APIs your Widget wants to connect to in a <security> block (see the section on the security block in the XML reference for more info). This list of APIs will be confirmed by the user before your Widget is allowed to access them with Yahoo! credentials, and only those APIs will receive the Yahoo! credentials. If you were using yahooLogin() before 3.1, your Widget will no longer be able to access those APIs until it is modified to included the security block. …. The second type of window is a 'sandbox' window. Currently, the only sandboxed action is logging into a user's Yahoo! account (more actions will be sandboxed in future releases). The first time a Widget attempts to log into a user's Yahoo! account, a window will appear to alert the user of this fact and ask whether the Widget should be granted permission to use their Yahoo! data. Sandbox windows cannot be disabled …. <security> specifies security properties for an object Attributes api Description The security block tells the engine what the Widget can and cannot do. It is used to enforce behaviors to protect the user from a Widget from stepping outside its bounds at times. Availability Available in version 3.1 or later. api a Yahoo! API this Widget wants to connect to. Description The api element identifies to the engine the APIs a Widget wants to access. This list is presented to the user the first time the Widget tries to log in to their Yahoo! account. Only the APIs listed in these <api> items will get the user's Yahoo! credentials passed to them. Most of the APIs are known by the engine and so they will automatically get a humanreadable name in the security dialog that's presented. If there's a new API added that the engine doesn't know about, you can specify a name attribute which tells us what to display in the dialog. If we use the name you specify, we also put the host you specify in the dialog as well so the user can see exactly what's being accessed. If no name is specified, the host is displayed. Example <security> <!-- the notepad API the engine knows --> <api>api.notepad.yahoo.com</api> <!-- some future API below --> <api name="Yahoo! Foozball">foozball.yahoo.com</api> </security> Availability Available in version 3.1 or later. " As Steve Jobs says, "Booom!" the Security Patent is sooooo busted it is laughable :)
Received on Thursday, 29 September 2011 15:46:39 UTC