| ▲ | zamadatix 6 hours ago | |
I'm not all that happy with second chance options in the first place... but a dedicated element with browser-level protections on making sure it's clear clicking that particular element is going to second chance the permission prompt is at least much less likely to get abused. | ||
| ▲ | akersten 4 hours ago | parent [-] | |
> protections on making sure it's clear clicking that particular element is going to second chance the permission prompt is at least much less likely to get abused. I guess I really don't understand the abuse they're trying to guard against. The protections are like "the button isn't transparent and there's a 3:1 contrast ratio, because click jacking." Alright, so I will just make the button say 'click to view content' or 'click for free bitcoins' or really anything at all and people will happily press it. And when they do they'll get the same permission dialog they would have if I had been allowed to make the button invisible anyway. I understand the use case for the second chancing. I think it's really crazy to make it require this special HTML (!?) element that you can only have up to 3 of on your page at a time (because we all know as soon as you hit 4 of these buttons it means you're up to no good). If it were me I would have allowed second chancing via JS API, only if initiated by user action (we have that pattern already for events), and with exponential back off between retries. If they were really dead set on this whole concept of secure enclave essential oils elements, they had a decent idea with the `<permission>` element that they mentioned in the article - but then we decided to throw that out, but don't worry, specific `<camera>` and `<microphone>` elements are coming soon. I'm probably getting too old for this... | ||