In FirefoxOS we already limit the ability to *handle* an activity to webapps, however we do allow websites to initiate an activity.
I think it would make sense to only allow webapps to both handle and initiate activities on Android. This way we can limit exposure until we have a solution that is more hammered out.

Note that WebActivities have worked pretty well for us in FirefoxOS so far. However we know that there are several issues with it, especially around activities that return a value. These issues are bad enough that Google backed out their entire WebIntents implementation from Chrome. I.e. the way that the API is currently designed, it will not work on desktop. Fixing these issues will require making incompatible changes to the API. It would be super awesome if someone wanted to spend time on fixing these issues. It shouldn't be terribly hard, but it will require doing UX experiments on both mobile and desktop. So far we've been unable to rally people to do that. But until we've fixed those issues I think it's safer to limit exposure of this API. But exposing it only in installed apps should limit things enough I'd think.

Another thing that we should watch out for when implementing on Android is that I think the security model for Android Intents is different from WebActivities. I would not think it's safe to allow a random webpage or even installed webapp to launch arbitrary Android Intents with arbitrary data. A safer implementation strategy is to only forward known activities to Android Intents. I.e. only forwarding things like "pick" and "share".

Another thing to keep in mind is that we in FirefoxOS currently have failed at keeping our activity names and parameters at all consistent. Various efforts to clean this up have been attempted, but so far nothing has been implemented. Activity names and parameters are essentially public APIs towards webpages and should be treated as such.
/ Jonas

On Tue, Apr 15, 2014 at 2:08 PM, Joshua Dover <jdo...@mozilla.com> wrote:
> Summary: Allow webpages, web apps, and addons to interact with native Android
> apps via MozActivity
> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=970707
> Link to standard: current MozActivity not on standards track:
> https://developer.mozilla.org/en-US/docs/Web/API/MozActivity
> Platform coverage: Android
> Estimated or target release: in which version do you want to/plan to release
> this?
> Preference behind which this will be implemented: dom.activities.enabled
>
> This will retain the 'Moz' prefix in order to maintain compatibility with B2G
> as this current specification is not on a standards track (and will probably
> not be compatible with what we have now).
>
> - Notes from the Extensible Web Summit this month
> (http://oksoclap.com/p/8pYs44D5CQ) :sicking should be able to provide more
> info on standardization progress.
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
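
The strategy from the reply above (forward only known activities such as "pick" and "share" to Android Intents, and only for installed webapps), as an added example that is not part of the original thread or of Mozilla's code. The `FORWARDABLE` table, `toAndroidIntent`, the `caller.isInstalledApp` flag and the parameter names `type` and `text` are assumptions for illustration; the Intent action and extra strings are the standard Android constants.

```javascript
// Added illustration, not Gecko code. Only the android.* strings are real
// Android constants; every other name here is hypothetical.
const mime = (v) => typeof v === "string" && /^[a-z]+\/[a-z0-9.+*-]+$/i.test(v);

// Allowlist: activity name -> fixed Intent action + permitted parameters.
// Anything not listed (other names, other data fields) is never forwarded.
const FORWARDABLE = Object.freeze({
  share: {
    action: "android.intent.action.SEND",
    params: { type: mime, text: (v) => typeof v === "string" && v.length <= 4096 },
    build: (p) => ({
      type: p.type || "text/plain",
      extras: { "android.intent.extra.TEXT": p.text || "" },
    }),
  },
  pick: {
    action: "android.intent.action.GET_CONTENT",
    params: { type: mime },
    build: (p) => ({ type: p.type || "*/*", extras: {} }),
  },
});

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function toAndroidIntent(caller, activity) {
  // Only installed webapps may initiate; plain web pages are refused.
  if (!caller || caller.isInstalledApp !== true) {
    throw new Error("activities may only be initiated by installed webapps");
  }
  const name = activity && activity.name;
  // Own-property lookup so names like "constructor" cannot match.
  if (typeof name !== "string" || !own(FORWARDABLE, name)) {
    throw new Error("activity is not forwardable: " + String(name));
  }
  const rule = FORWARDABLE[name];
  const data = activity.data && typeof activity.data === "object" ? activity.data : {};
  const clean = {};
  for (const key of Object.keys(rule.params)) {
    if (!own(data, key)) continue;            // optional parameter absent
    if (!rule.params[key](data[key])) {
      throw new Error(`invalid "${key}" for activity "${name}"`);
    }
    clean[key] = data[key];                   // copy validated fields only
  }
  // The action comes from the table, never from caller-supplied data.
  return Object.assign({ action: rule.action }, rule.build(clean));
}
```

Because each entry names its own parameters, the table also acts as the single place where activity names and parameters are defined, which is the consistency concern raised at the end of the reply.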