I agree with Jonas BTW, this seems like a bug in the dialer app, not the web activity API.

Lucas.

On 9/28/2012 7:55 PM, Jonas Sicking wrote:
> On Fri, Sep 28, 2012 at 7:00 PM, ANTONIO MANUEL AMAYA CALVO <[email protected]>
> wrote:
>> This one
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=794407
>>
>> isn't on any of the lists (or if it is I didn't see it), and it really
>> should be.
> FWIW, relying on user actions should never be used as a security
> mechanism. The user might not have any idea that his/her action can
> cause something harmful to happen and might just be thinking he/she is
> clicking a link or scrolling a window.
>
> The "user action required" step should only be used to prevent APIs
> from being used to annoy the user. I.e. to prevent an API from opening
> dialogs every second.
>
>> As it stands now, any web page can use the 'dial' web activity from a script
>> and the dialer just places the call.
> That really should not be the case. If it is, that's a separate bug and
> a bad one. No app should take any potentially harmful actions just in
> response to an activity. It's the responsibility of the dialer app to
> make sure that the user really wants to place the phone call, for
> example by just prefilling the phone number but waiting for the user
> to press the 'dial' button.
>
> / Jonas
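
The handling Jonas describes for the 'dial' activity, as an added example that is not part of the original thread or of any B2G app's code: the activity only prefills the number, and the call is placed only from the dialer's own button handler. `createDialer`, `handleActivity`, `handleActivityUnsafe`, `pressDial` and the injected `telephony` object are hypothetical names, and the activity object is a constructed stand-in for the real request.

```javascript
// Added example: model of a dialer app receiving a 'dial' activity.
// All names here are hypothetical; `telephony` stands in for the platform call API.
function createDialer(telephony) {
  const state = { prefilled: "" };

  // Accept only what a keypad can produce; reject everything else outright.
  function sanitize(number) {
    if (typeof number !== "string") return null;
    const stripped = number.replace(/[\s().-]/g, "");
    return /^\+?[0-9*#]{1,32}$/.test(stripped) ? stripped : null;
  }

  return {
    state,
    // Weak form: the activity itself places the call, so the caller decides.
    handleActivityUnsafe(activity) {
      if (activity.name === "dial") telephony.dial(activity.data.number);
    },
    // Hardened form: the activity only fills the number field.
    handleActivity(activity) {
      if (activity.name !== "dial") return false;
      const number = sanitize(activity.data && activity.data.number);
      if (number === null) return false;
      state.prefilled = number;
      return true;
    },
    // Wired only to the dial button inside the dialer's own UI.
    pressDial() {
      if (!state.prefilled) return false;
      telephony.dial(state.prefilled);
      state.prefilled = "";
      return true;
    },
  };
}

// Constructed demo: a fake telephony backend that records placed calls.
function demo() {
  const placed = [];
  const dialer = createDialer({ dial: (n) => placed.push(n) });
  dialer.handleActivity({ name: "dial", data: { number: "+1 (555) 010-0199" } });
  const beforePress = placed.slice(); // nothing dialed yet
  dialer.pressDial();
  return { beforePress, afterPress: placed };
}
```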
