On 04/19/2012 03:22 PM, Adrienne Porter Felt wrote: > I assert that it is possible to build a "magic button", although it will > require care. An application puts a placeholder like <camera type="front"> > in order for the element to appear, and CSS cannot be applied to the > element. Its z-index is fixed at the highest z-index so it cannot be > overlaid, and you can disable the ability to fire its click(). You can > enforce that there must be a very short delay (a few ms?) before the UI > element becomes active to prevent apps from throwing it up on the screen > really quickly, where the user expects another button to be.
I don't like this solution at least for those two reasons: - web developers will want to style that button; - you can't guarantee that there will not an element on top of that magic button with "pointer-events: none;" to have the click traverse it and going to the magic button. > Even if that does not end up being the best approach for the Camera API, > such a UI element might be useful elsewhere (e.g., as an option for SMS > apps that don't want a full-screen SMS approval dialog). When does SMS app have to show a full-screen SMS approval dialog? Regular content have to use intents-like system and other content will just be able to use the API, AFAIK. >> IMO, most applications should actually use a Web Intent/Web Activity to >> do that without any privilege: the intent/activity would run the Camera >> app and then the user would understand what this is about. However, the >> Camera App will require a direct access to the camera so accessing the >> camera via the Camera API should be easy (even if that requires explicit >> consent). > > This will break a lot of applications: many applications want/need custom > UI around the camera, so transitioning to the camera app and then returning > a photo does not address many use cases. I doubt that many applications would require a specific UI. On Android, for example, most applications are very ok with using intents to pick a camera instead of re-building a camera picker. This said, apps that require a custom UI would have to just use the Camera API. An intent-like system would solve most use cases but not all. Cheers, -- Mounir _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
