[cap-talk] Webkeys vs. the web

Sam Mason sam at samason.me.uk
Thu Apr 2 21:17:11 EDT 2009 

On Fri, Apr 03, 2009 at 01:34:49AM +0100, David-Sarah Hopwood wrote:
> Sam Mason wrote:
> > On Thu, Apr 02, 2009 at 07:07:05PM +0100, David-Sarah Hopwood wrote:
> >
> >> I don't see any significant difference in expected user intent between
> >> clicking "[Copy Shortcut/Copy Link Location]" in a context menu, and clicking
> >> a button that says "Copy this Link". If anything, the former is more
> >> explicit, since a button may do almost anything; what the text of a button
> >> says is merely advisory, and in general untrustworthy.
> > 
> > The context menu gets the value from the "href" of the anchor which is
> > also what gets copied and pasted to other documents.  If we want to save
> > the user from exposing this then we want to make the anchor's href point
> > somewhere bland and generally inert.
> 
> I disagree that it needs to be "inert", but that's a separate issue.

Sorry, I meant inert in an informal chatty way; it should be something
that doesn't grant the full authority of the normal capability.

> We agree that it may need to be different from the URL that is followed.

Yes.

> > Clicking on a "Copy this Link" allows the page's code to bring up some
> > sort of edit box (like Google maps) that contains an authority designating
> > capability.
> 
> OK, but that doesn't require use of a button. It's fairly straightforward
> to implement a link in which the page obtained by following it normally,
> is different to the page obtained by copying the URL using
> "Copy Shortcut/Link Location" and then opening that URL in another
> window, tab, or browser. For example:
> 
> «a href="urlToCopy"
>    onclick="javascript:window.location.href='urlToFollow'; return false;"»

I know about that.  The button I was talking about and think would be
useful is a separate user interface element allowing the user to get
to a URL that grants the full authority--it's purpose is to expose the
"urlToFollow" to the user, but in a controlled manner and only when they
explicitly ask for it.

The purpose of this is to make things do safe things by default, but
allow the user to get their hands dirty if they want to.

-- 
  Sam  http://samason.me.uk/

More information about the cap-talk mailing list