09 February 2011

The problem with HTML5 "apps"...

Getting back to my comment in June about making HTML5 a "flash killer", this would also solve the problem of HTML5 as an alternative to native applications. The same ".zap" bundle should be treated as an application, that you can download and install, and have a nice self-contained package that acts like an app.

When I recently brought this up on Buzz, I was directed to HTML5 offline support. That seems rather fragile to me:
  • It's built on top of caching, what happens when you clear your cache? What should happen? Should such implicit "offline" apps stay around after you clear your cache? That sounds like a way to create a "persistent script injection" attack. The idea of the "app bundle" is that you have an object (an app) that you deliberately choose to install, and that you can throw away when you don't want it.
  • How do you know when you have the whole application safely in your cache?

No comments:

Post a Comment