
Re: Browser Payments API proposal

From: Charles McCathieNevile <chaals@opera.com>
Date: Tue, 19 Jun 2012 10:10:36 +0200
To: public-webapps@w3.org, "Alex MacCaw" <maccman@gmail.com>
Message-ID: <op.wf44zyq2wxe0ny@widsith-3.local>
On Sat, 16 Jun 2012 06:05:35 +0200, Alex MacCaw <maccman@gmail.com> wrote:

> I've been working on a way of integrating one-click payments (and signup)
> into the browser, and I wanted to put it in front of a few people to get
> some feedback.
>
> The API I was playing about with was pretty simple, and is documented here:
>
> http://blog.alexmaccaw.com/preview/MjQxMDcwOTcwNjAYz14YvbdZWrrVg

(that link seems to go nowhere except the front of your blog)

> It's basically an API to autocomplete data, already stored in the browser
> and containing things like credit card number and name.
>
> For example:
>
> navigator.requestProfile(['firstName', 'email', 'cardNumber'], function(profile) {
>   console.log('Your name is:', profile.firstName); /* ... */
> });

So it seems you are just using an API to support autocomplete, but with
magic tokens as well as the browser heuristics that are normally used.

This seems to introduce a lot of UI security issues (asking for data for
hidden form fields or fields that are out of the rendering view, ...).

cheers

Chaals

> I've also created a Chrome
> extension<https://github.com/maccman/request-profile> demonstrating
> the API. I think the key thing to getting adoption for something like this
> is to keep it really simple.
>
> Cheers,
> Alex
>


-- 
Charles 'chaals' McCathieNevile  Opera Software, Standards Group
     je parle français -- hablo español -- jeg kan noen norsk
http://my.opera.com/chaals       Try Opera: http://www.opera.com
Received on Tuesday, 19 June 2012 08:11:08 GMT
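
The hidden-field and out-of-view concern raised in the reply above, as an added example that is not part of the original message or of the request-profile extension: a check a user agent could run before releasing profile values into form fields. The field descriptor shape, the thresholds and the function names are assumptions, and the sample fields are constructed.

```javascript
// Added illustration. Each descriptor mirrors what a user agent can read from
// an <input>: its type, computed style and bounding box (shape is assumed).
function refusalReason(f, viewport) {
  if (f.type === 'hidden') return 'type=hidden';
  if (f.display === 'none' || f.visibility !== 'visible') return 'not rendered';
  if (f.opacity < 0.1) return 'transparent';
  const { x, y, width, height } = f.rect;
  if (width < 2 || height < 2) return 'collapsed box';
  // Width and height of the part of the box that lies inside the viewport.
  const w = Math.min(x + width, viewport.width) - Math.max(x, 0);
  const h = Math.min(y + height, viewport.height) - Math.max(y, 0);
  if (w <= 0 || h <= 0) return 'outside viewport';
  if ((w * h) / (width * height) < 0.5) return 'mostly outside viewport';
  // Not checked here: occlusion by an overlapping element.
  return null; // the field is presented to the user
}

// Split the requested fields into those that may be filled and those that
// are refused, recording why, so the consent UI can show what was withheld.
function planAutofill(fields, viewport) {
  const fill = [];
  const refuse = {};
  for (const f of fields) {
    const reason = refusalReason(f, viewport);
    if (reason === null) fill.push(f.name);
    else refuse[f.name] = reason;
  }
  return { fill, refuse };
}

// Constructed sample: the three profile keys from the quoted example, as a
// page might lay them out.
const VIEWPORT = { width: 1280, height: 720 };
const SAMPLE_FIELDS = [
  { name: 'firstName', type: 'text', display: 'block', visibility: 'visible',
    opacity: 1, rect: { x: 40, y: 100, width: 300, height: 30 } },
  { name: 'email', type: 'hidden', display: 'block', visibility: 'visible',
    opacity: 1, rect: { x: 0, y: 0, width: 0, height: 0 } },
  { name: 'cardNumber', type: 'text', display: 'block', visibility: 'visible',
    opacity: 1, rect: { x: -5000, y: 100, width: 300, height: 30 } },
];

console.log(planAutofill(SAMPLE_FIELDS, VIEWPORT));
```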
