Looking for feedback regarding https://bugzilla.mozilla.org/show_bug.cgi?id=773060
The gist of the issue is that you could click on a link to non-app content inside of a privileged or certified app that would navigate the top-level window outside of the app. Once outside the app, the user has no way of knowing they are no longer interacting with the privileged app, and no way of getting back. IMO this is bad for a few reasons:

a) greater risk for phishing and other user confusion attacks - the user has no concept they are no longer interacting with the app, and every indicator would reassure them they are still in the app (click on the home button or task list, select the app, and you're back in the fake app UI).

b) terrible user experience - the user has no way of getting back to the app they came from without pulling up the task bar, killing the app, then restarting it.

c) it's a developer foot-gun. Developers would have to sanitize all content they display to rewrite all links (to disable or intercept), otherwise one stray link breaks the user experience. Other mobile platforms don't have this problem.

The mitigation I recommend would be to disable navigation of the top-level window to non-app content, and instead show those links in an external browser or a browser overlay (with a URL bar and close button that takes you back to the app). There are probably other ways of solving this problem too, but the key properties of a solution are that the user has some hint as to what they are actually interacting with, and the developer keeps his toes.

Lucas.
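As an added illustration (not code from the bug, the post, or any Mozilla project) of the developer-side workaround the post describes: classify every link against the app's own origin, keep in-app links as normal navigations, and hand anything else to a separate browsing context so the top-level window never leaves the app. The app origin, the sample `app://myapp.example` origin and the `openExternal` callback are assumptions.

```javascript
// Added example: keep a packaged app's top-level window inside the app and
// route every other link to a separate browsing context (external browser or
// browser overlay), which is the mitigation the post recommends.

// Scheme + host of a parsed URL. Used instead of URL.origin because the WHATWG
// parser reports "null" as the origin of non-special schemes such as app://.
function originOf(url) {
  return url.protocol + '//' + url.host;
}

// Decide what a link target is relative to the app's origin (assumption: the
// app is served from a single origin such as app://myapp.example).
//   'in-app'   - same origin as the app, safe to navigate normally
//   'external' - any other origin, must not replace the app's window
//   'blocked'  - unparsable or scriptable/opaque schemes, never navigate
function classifyNavigation(href, appOrigin, baseHref) {
  let url;
  try {
    url = new URL(href, baseHref || appOrigin + '/');
  } catch (e) {
    return 'blocked';
  }
  if (url.protocol === 'javascript:' || url.protocol === 'data:') {
    return 'blocked';
  }
  return originOf(url) === originOf(new URL(appOrigin)) ? 'in-app' : 'external';
}

// Capture-phase click handler: runs before per-link handlers and before the
// default navigation, so a stray link in displayed content cannot escape.
function installNavigationGuard(doc, appOrigin, openExternal) {
  doc.addEventListener('click', function (event) {
    const anchor = event.target.closest ? event.target.closest('a[href]') : null;
    if (!anchor) return;
    const verdict = classifyNavigation(anchor.getAttribute('href'), appOrigin, doc.baseURI);
    if (verdict === 'in-app') return;   // normal in-app navigation
    event.preventDefault();             // top-level window stays in the app
    if (verdict === 'external') openExternal(new URL(anchor.href).href);
  }, true);
}

// Only wire the guard up when running inside a document (skipped under Node).
if (typeof document !== 'undefined') {
  installNavigationGuard(document, location.origin, function (url) {
    // A new browsing context gives the user a URL bar and a way back to the app.
    window.open(url, '_blank');
  });
}
```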
