Re: [webauthn] Display name content rules? from =JeffH via GitHub on 2018-06-14 (public-webauthn@w3.org from June 2018)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Jun 2018 17:39:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-397378715-1528997993-sysbot+gh@w3.org>

Ok, it seems there are two facets to this issue: 
1. corralling the unicode content of the "name"-ish domstrings
2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

PR #951 is an attempt to address (1) and is an alternative to pr #878.

I have done some modest searching around WHATWG and W3C specs regarding how one might specify guidance per @jcjones's [suggestion above](https://github.com/w3c/webauthn/issues/593#issuecomment-369402225) of "[advise] to always use UI elements to provide a clear boundary around these strings, and not allow overflow into other elements, etc..."


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/593#issuecomment-397378715 using your GitHub account

Received on Thursday, 14 June 2018 17:39:58 UTC