WebAPI/WidgetAPI: Difference between revisions
< WebAPI
Jump to navigation
Jump to search
(→Unsafe) |
|||
| Line 55: | Line 55: | ||
==== Unsafe ==== | ==== Unsafe ==== | ||
* | *getScreenshot() | ||
*Navigation methods | *Navigation methods | ||
**getCanGoBack() | **getCanGoBack() | ||
Revision as of 08:58, 21 May 2014
Goals
The widget API allows privileged APPs have ability to embed APPs in their own iframe, i.e. homescreen, lockscreen ....etc.
Use case
Proposal
embed-widgets bug 1005818
In order to expose to privileged APPs and consider security issue.
- "embed-widgets" is a new permission for "mozapp" attribute, it comes from 'embed-apps' but is more restricted.Disallow some of Browser API that embedder can not receive events and use those.
- Set manifest entry in "widget" attribute.
<iframe mozapp="manifesturl" widget="mywidget1">
extend manifest.webapp
Declare details of widget in mainfest.
{
name: "MyApp2000",
...
widgets: {
"mywidget1": {
href: "widget.html"
positions: ["homescreen", "lockscreen"]
description: "This is my cool widget"
},
"myotherwidget": { ... }
}
}
Restriction
Issues under discussion
Browser API
Safe
- Performance methods
- setVisible()
- getVisible()
- purgeHistory()
- Navigation methods
- reload()
- stop()
- Event methods
- sendMouseEvent()
- sendTouchEvent()
- addNextPaintListener()
- removeNextPaintListener()
- Events
- mozbrowserasyncscroll
- mozbrowserclose
- mozbrowsererror
- mozbrowsericonchange
- mozbrowserloadend
- mozbrowserloadstart
- mozbrowserlocationchange
- mozbrowsertitlechange
- mozbrowseropensearch
Unsafe
- getScreenshot()
- Navigation methods
- getCanGoBack()
- goBack()
- getCanGoForward()
- goForward()
- Events
- mozbrowserusernameandpasswordrequired
- mozbrowseropenwindow (i.e. window.open)
- mozbrowsershowmodalprompt (i.e. alert(), confirm(), prompt())
- mozbrowsercontextmenu
- mozbrowsersecuritychange