Open zenhack opened 4 years ago
Definitely would be good. My default when seeing a permission prompt is "no" unless I understand why. I feel like the feed URL case may be a little bit obvious, but plenty of other cases will need a lot more explanation. An app could also specify what information is transmitted over the request, or what the impact of rejecting the request has on functionality.
Make sure that the blurb is presented in a clearly defined rectangle (not merely quotes) and explained so that the user can understand that it's a claim by the app, not Sandstorm.
@kpreid Yeah, I was thinking about that too. And I agree embedding the app-provided text in a box is very helpful in separating the trusted UI from app content.
Right now, when an app makes a powerbox request, the powerbox UI is pretty bare bones, and just displays a UI to select something -- but no context information. In order to avoid needing a separate prompt or dialog to explain their intention to users, we should provide some way to include some explanatory text in the powerbox request.
This comes up in the context of ttrss: ideally a feed reader should use a powerbox request to get the feed URL directly, rather than asking the user for a URL and then asking Sandstorm for access to it separately. But right now there's not a good way to include information about what the user is selecting; ideally we'd provide a mechanism through which the feed reader could add a blurb explaining that the request is for a feed URL.