On 07/13/2014 11:55 AM, Jonas Sicking wrote:
Sadly I don't think that is very safe. I bet a significant majority of our users have no idea what a serial port is or what will happen if they allow a website to connect to it.
Agreed. It seems like the concept users are most likely to reliably understand are physical devices. https://github.com/whatwg/serial/issues/23 indicates that that the expected supported underlying layers are USB, Bluetooth, and the random motherboard that still has RS232 ports. As noted in a comment on issue 20 at https://github.com/whatwg/serial/issues/20#issuecomment-28333090 it seems counterproductive to place so much importance on the legacy case.
I think an important statement for the spec to make is why it needs to exist at all? Specifically, it seems like both the WebUSB https://bugzil.la/674718 and WebBluetooth https://bugzil.la/674737 specs should both be equally capable of producing the standard stream abstractions supported by the protocols.
And then the security and UX can both benefit from the appropriate models. This includes features that the WebSerial API currently can't really offer, like triggering a notification/wake-up/load of the app when the device is reconnected via USB or comes into range of the device, etc. This is arguably a net UX win. Additionally, if the security model involved enumerating vendor/product, not only would it simplify the wake-up notification, but the Firefox OS app marketplace could even suggest apps. (Ex: a system notification could notice you plugged in a specific vendor/product pair for the first time and offer to launch a search. Or tell you what it already found, etc.)
Note that I'm not saying the spec/implementation doesn't need to exist. However I do think that from a security/user comprehension perspective WebUSB/WebBluetooth should handle the friendly/easy-to-use stuff and WebSerial needs to be something that needs to be vouched-for by a marketplace or requires the user performing a series of manual steps that would make most people think twice about why they're doing it.
Andrew _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
