Amanda Baker

Installation will already be gated behind a [permission](https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/WebInstall/explainer_cross_domain.md#preventing-installation-prompt-spamming-from-third-parties), the following would have to happen for a malicious site to know if a user installed an app: 1. The user navigates...

@mwjacksonmsft Do you want to extend SystemEntropy in PerformanceNavigationTiming as well?

The cross-origin explainer has been updated to require both a `manifest_id` and an `install_url`, but we still want to keep the option to install with no args for _same-domain_ installs...

@FluorescentHallucinogen Your 1st concern around `beforeinstallprompt` has been addressed with the addition of the [same-origin explainer](https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/WebInstall/explainer_same_domain.md), and the 2nd item suggesting to use a permission is addressed in the cross-origin...

Although I see the value in the multi-install case, I find it concerning from a security perspective. Currently, we're depending on a UA-provided install dialog to show the user info...

@captainbrosset It looks like you've worked on that page, so do you have more context here?

This is a great callout. I don't know if it would be guaranteed that the browser would be notified of the user either installing the app or rejecting installation, so...

I don't see it mentioned in the explainer, but we've discussed using `navigator.install()` to open apps as well. This was intended to address the issue where a user installs the...

@diekus I don't think `AbortError` is appropriate for main frame and user activation. These are the patterns I see for other APIs: - Used outside main frame: `InvalidStateError`: - This...