|
|
|
|
|
|
by mmahemoff
4261 days ago
|
|
|
"User agents must not provide Push API access to webapps without the express permission of the use" I share your concern. but I share a great fear that web apps will become increasingly irrelevant if they remain just documents that can't do anything when they're not explicitly in a running tab/window. The permission requirement is the same one that allows for local storage, which could have caused great problems, but has so far held up well. |
|
|
Assuming this does not allow the push of UI interaction, then yes. If it would allow UI responses to be pushed then we would be one XSS vulnerability or "uneducated users" away from a new set of exploits for forcing pop-under advertising , and other potentially more insidious problems, through.
Local Storage and Index DB are storage only so the only attack routes are DoS-due-to-disk-full-errors which is generally less attractive (you can make more money pushing stuff to people than pushing people off the network).