Re: Valid auto-invocation events

On Tue, Sep 6, 2011 at 7:52 AM, Robin Berjon <robin@berjon.com> wrote:

> Dear www-dom,
>
> in working on the Contacts API[0], DAP has described a security model in
> which opening up a contacts picker (which is similar in idea to a file
> picker, but — you guessed if — for contacts rather than files) can be
> triggered only by code that traces back to a genuine user action. The idea
> is that this would be similar to the way in which window.open() or <input
> type=file>.click() are handled so as to prevent abuse but not require an
> ugly control.
>

Note that this is only needed for file pickers because file pickers are
window modal, rather than tab modal.  Most user interaction is becoming tab
modal, but file pickers are usually provided by the windowing system, which
unfortunately tend not to support embedding file pickers inside of windows.
File pickers need to be limited to clicks to prevent runaway scripts from
opening file pickers in an infinite loop, locking up the whole window and
forcing the user to kill the browser, and to prevent yanking focus to a
background tab unsolicited.

I'd hope that contact pickers could be tab modal, so they don't have that
problem and don't need the user-click limitation.  Adding new window-modal
user interactions would be a huge step back.

-- 
Glenn Maynard

Received on Wednesday, 7 September 2011 14:00:08 UTC