List of comments on “Mobile Web Application Best Practices” (dated 6 October 2009)

Status: allopen proposal pending resolved_yes resolved_no resolved_partial other Type: allsubstantive editorial typo question general comment undefined

Quick access to LC-2265 LC-2266 LC-2271 LC-2272 LC-2273 LC-2274 LC-2275 LC-2276 LC-2277 LC-2278 LC-2279 LC-2280 LC-2281 LC-2282 LC-2283 LC-2284 LC-2285 LC-2286 LC-2287 LC-2288 LC-2290 LC-2291 LC-2292 LC-2293 LC-2294 LC-2295 LC-2296 LC-2297 LC-2298 LC-2299 LC-2300

Comment LC-2265

Commenter: Arthur Barstow <art.barstow@nokia.com> (archived message)

Context: Status of this Document

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

Re Status of the Document (SotD) section: given this document is
purely non-normative, why is this document "expected to become a W3C
Recommendation" rather than a Working Group note? For example, how
would this document ever be able to meet the following entrance
criteria for Proposed Recommendation:

[[
http://www.w3.org/2005/10/Process-20051014/tr.html#cfr

2. Shown that each feature of the technical report has been implemented.
]]

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added03

Resolution: We will follow the precedent set by various Recommendations which are guidelines, e.g. the Mobile Web Best Practices, and have Exit Criteria which shows that each Best Practice is implemented and therefore implementable. Precise Exit Criteria have not been agreed upon as of today. The group expects to ask for at least two independently sourced implementations of each Best Practice.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2274

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.3.1 Inform the User About Automatic Network Access

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.1.1
nit: double period at the end of first sentence

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added02

Resolution: Thanks. Double period removed and sentence completed.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2271

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.1.1 Use Cookies Sparingly

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.1.1.1
Cookies being disabled by devices isn't a mobile specific issue as it
also applies to desktop. New devices Android, iPhone, Nokia s60 and
beyond, Palm, etc.. all ship with cookies enabled by default.
Maybe it is covered elsewhere but there is no mention of privacy
issues sending data back to the server via cookies, only the network
concern. With access to very sensitive data like location this might
be worth flagging for mobile.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added04 [[We disagree with the claim that there is no mobile-specific aspect to cookies (the shifting of data is mobile-specific). We also note that privacy issues are considered out of Scope - and will add a note to that effect.]] FD: Where is the note?

Resolution: We disagree with the claim that there is no mobile-specific aspect to cookies (the shifting of data is mobile-specific). Generic privacy issues are considered out of scope of this document

(Please make sure the resolution is adapted for public consumption)

Comment LC-2279

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.4.5 Minimize External Resources

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.4.5.1
This is a dangerous recommendation when even modern browsers like
mobile safari on iPhone have a limited browser cache entry size of
25kb uncompressed. It is a good recommendation but relies partially on
the assumption that the caching of a single large resource is no worse
than multiple single resources.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added13

Resolution: We think that this limitation is obsolete and that the best practice is good in the generic case. We do not think that we can recommend an explicit size limit as this is likely to evolve over time.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2290

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 1.3.2 Web Application

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

1.3.2: "Web Widgets Effort" that would be the "W3C Widgets effort", or perhaps the "W3C Widgets family of specifications" (as WebApps call them).

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added24 FD: text updated. The [WIDGETS] reference should also be updated to target the Widget Packaging and Configuration spec rather than the Wiki: http://www.w3.org/TR/widgets/

Resolution: We agree and have updated the text.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2291

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 1.5 Terminology

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

1.5: "The implicit reference to XML suggested by the names is commonly accepted to be an historical anomaly." It's historical for sure, but it's not really an anomaly: it really corresponded to what people were thinking of at the time.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added25

Resolution: We agree and have removed that comment.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2292

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.1.2 Use Appropriate Client-Side Storage Technologies for Local Data

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.1.2.1: Storage has been split from HTML5, and there are several parallel local storage efforts in WebApps. In general it would be good to be more precise: "BONDI [BONDI], HTML5 [HTML5], and Opera Widgets [OPERA]" isn't very helpful. For instance, are you thinking of the BONDI address book interface? Or the file system interface? The calendar API? They can all store local data.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added05 FD: linked with LC-2272

Resolution: We will add text to 3.1.2.1. stating that work is in progress to unify these apis and reference the work of WebApps and Device API WGs. We note that most storage APIs are dealt with by the WebApps WG but think the File System API addressed by DAP falls into the storage spec category.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2272

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.1.2 Use Appropriate Client-Side Storage Technologies for Local Data

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.1.2.1
Given that HTML5 is now drafting specs for a Web Storage and Web
Database that is shipping in iPhone 3.x and Android 2.x it seems odd
to me to mention Bondi and Opera widgets in this context, especially
given the focus of this document is for applications in a browser.
The second point of "making updates locally at first" should be
supplemented with a need to add UI treatment to make it clear to the
user that their data is uncommitted.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added05 FD: linked with LC-2292.

Resolution: We will add text to 3.1.2.1. stating that work is in progress to unify these apis and pointing to the work of WebApps and Device API WGs. Regarding the need to add UI treatment, we think we make sufficient comment about progress indications elsewhere in the spec.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2293

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.2.1 Do not Execute Unescaped or Untrusted JSON data

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.2.1.2: Note that some browsers now ship with native JSON parsing.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added06

Resolution: We agree and have removed the parenthetical comment on performance issues with JSON parser.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2273

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.2.1 Do not Execute Unescaped or Untrusted JSON data

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.2.1.2
One way to be able to eval() untrusted data is to perform the JSON
escaping on the server where the processing power is less constrained
than on the client since we are downloading the data anyway
(presumably).

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added26

Resolution: We agree but note the text already mentions that the JSON datafeed has to be suitably escaped when the eval() function is used.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2294

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.3 User Awareness and Control

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3: "Browsers may have access to information such as: • Pictures, music, and video clips; • Contacts, calendar (PIM data); • Call history; • System data (battery, coverage, roaming, location); • Media recording (record audio/video clip, get new picture); • Device context (e.g. location, connectivity, profile setting)."

I am not aware that there are any plans to grant browsers access to such information gratuitously. They may be granted within web runtimes, but even then with clear restrictions. In general this seems to address implementers more than authors.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added09 FD: text clarified. The discussion on implementers vs. authors remains. RESOLUTION: Add to 3.3 the into text: Where possible rely on the browser's native functionality to implement the confirming featues described in this section

Resolution: The best practices of this document do not address implementers. We have added some text in section 3.3 to explain that the best practices in this section provide further advice on appropriate application behaviour in situations where the native functionality of the browser may not be sufficient.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2275

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.3.1 Inform the User About Automatic Network Access

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.1.2
AFAIK some devices will provide UI indications in their status bar of
network activity, with a spinner or mobile data flow indicators. While
informing users of background network usage may be desirable, it might
be overkill to have 3 separate indicators. Maybe you could suggest to
provide UI on devices where the browser does not do it natively

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added07 RESOLUTION: ref LC-2275, resolve no as this would complicate things for authors who would then have to maintain different variants of their applications for different browsers.

Resolution: We understand the point but think that this would complicate things for authors who would then have to maintain different variants of their applications for different browsers.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2295

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.3.1 Inform the User About Automatic Network Access

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.1: Also seems to be more for implementers than authors. This information should be provided in a consistent manner by the UI, not the app. The BP I expected here is the one in 3.3.2.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added09

Resolution: The Best Practices address authors as precised in section 1.1 Purpose of the Document, and do not address browser implementers. We have added some clarification text to the beginning of section 3.3 to say that where possible it is preferable.to rely on the browser's native functionality to notify the user.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2276

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.3.2 Provide Sufficient Means to Control Automatic Network Access

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.2.2
"must" seems a bit strong here. Some applications that inherently
require network access (think IM, mapping, etc..) will not be usable
with no network access, so providing such an option should not be
mandatory.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added09

Resolution: We agree that the wording is too strong and have replaced "must" by "should".

(Please make sure the resolution is adapted for public consumption)

Comment LC-2296

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.3.3 Ensure the User is Informed About Use of Personal and Device Information

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.3: Again, implementer-orientated. I think that it would be more useful to have separate documents for authors and implementers. Also, the notion that putting notices about usage of a user's personal information in help pages implements a best practice is somewhat dubious. It's hard to find users accessing help pages on a desktop, I don't believe anyone ever does on a mobile (in fact, I'm not sure where I'd find such things).

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added09

Resolution: This document is for authors as mentioned in section 1.1 Purpose of the Document. We agree that putting information in help pages is not a best practice and have removed the text.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2277

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.3.4 Enable Automatic Sign-in

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.3.4
Consider adding something along the lines of
"If devices persist authentication tokens then the server MUST
invalidate them if the user changes or resets their password"
This is especially important with mobile devices that are often
lost/stolen and provides a user with a way to after the fact lock the
phone out of web applications it had previously been authorised for.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added10

Resolution: We agree but think that the current text in the "How to do it" already addresses this need. We have added a note to emphasize that a sign-out link should be also provided if automatic sign-in is enabled.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2297

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.4.1 Use Transfer Compression

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.4.1.2 This should also mention that EXI has been registered as an HTTP content coding, and can be used. It has the substantial advantage that in most configurations it is smaller while also requiring fewer cycles to decode.

"For very small files (e.g. <1k) the negative impact of processing may outweigh any small transport gains." Note that for very small files, gzip will render them larger anyway.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added11 FD: not sure we should mention EXI at this time as it is not yet implemented and we cannot really foresee its success. Rewrite the sentence to emphasize that gzip and deflate are just the most common example at the time of writing?

Resolution: We agree and have updated the text to mention EXI as a technology to watch out and changed the note on very small files accordingly.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2278

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.4.4 Optimize Network Requests

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.4.4.2
One suggestion to add here is to prioritise your network requests and
throttle the number of connections in order to ensure that high
priority requests are not blocked or slowed by lower priority
requests, if they are unable to be batched.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added12

Resolution: We agree and have added the suggestion to the list.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2280

Commenter: Marc Wilson <marcwilson@google.com> (archived message)

Context: 3.4.10 Don't Send Cookie Information Unnecessarily

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.4.10
Although this is a different point to 3.1.1 they are related and maybe
should be merged, colocated or reference each other

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added14

Resolution: We think that both best practices address cookies in very different ways and would not benefit from referencing each other.

(Please make sure the resolution is adapted for public consumption)

Comment LC-2298

Commenter: Robin Berjon <robin@berjon.com> (archived message)

Context: 3.4.11 Keep DOM Size Reasonable

Status:

open proposal pending resolved_yes resolved_no resolved_partial other Not assigned

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

3.4.11.1: "Keep the DOM size below 10MB to avoid browser crashes." Providing numbers without telling people how to measure them doesn't help a lot.

Related issues: (space separated ids)

WG Notes: Resolution: http://www.w3.org/2009/12/09-bpwg-minutes.html#added15

Resolution: We agree and have removed the mention of a precise DOM size that was empirical and would not help authors making a decision.

(Please make sure the resolution is adapted for public consumption)