Re: [w3c/manifest] Added security consideration advice for out-of-scope UI spoofing. (#748) from Dominick Ng on 2018-12-06 (public-webapps-github@w3.org from December 2018)

From: Dominick Ng <notifications@github.com>
Date: Thu, 06 Dec 2018 02:11:39 -0800
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/pull/748/c444819746@github.com>

Despite the MAY language, it feels verbose, and describes a situation based on assumptions regarding a user agent's UX. The caveat of the ideal placement not being possible also contributes to the lack of utility given how many words there are. Could this simply be an addendum to the existing recommendation?

>  This UI SHOULD differ from any UI used when the document URL is within scope in order to make it obvious that the user is navigating off scope. This UI MAY be placed in a location outside of the control of the application context to mitigate spoofing.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/748#issuecomment-444819746

Received on Thursday, 6 December 2018 10:12:01 UTC