When I recently brought this up on Buzz, I was directed to HTML5 offline support. That seems rather fragile to me:
- It's built on top of caching, what happens when you clear your cache? What should happen? Should such implicit "offline" apps stay around after you clear your cache? That sounds like a way to create a "persistent script injection" attack. The idea of the "app bundle" is that you have an object (an app) that you deliberately choose to install, and that you can throw away when you don't want it.
- How do you know when you have the whole application safely in your cache?