Re: [w3c/webpayments-methods-card] Say how we integrate with PaymentRequest (#23) from Marcos Cáceres on 2017-05-29 (public-webpayments-specs@w3.org from May 2017)

From: Marcos Cáceres <notifications@github.com>
Date: Sun, 28 May 2017 20:43:54 -0700
To: w3c/webpayments-methods-card <webpayments-methods-card@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments-methods-card/pull/23/review/40693485@github.com>

marcoscaceres commented on this pull request.



> @@ -180,6 +185,22 @@
       </p>
 
       </section>
+
+      <section>
+      <h3>Processing incoming payment method data</h3>
+
+      <p>When the PaymentRequest API is to pass data to a payment app supporting basic-card as part
+      of the <a>paymentRequest.show()</a> algorithm, the payment app must process any non-null

> This implies that the browser will do validation of the data before passing to payment handlers. 

Correct. 

But(!), for non-short strings (i.e., URLs), the `.data` is just "object", so it gets passed along to the appropriate payment handler after 1) undergoing JSON serialization (to expunge function and other unsafe things), and 2) undergoing [conversion to "object"](https://heycam.github.io/webidl/#es-object) as per WebIDL. 

You cannot escape WebIDL conversion, because `.data` MUST be converted into something that can survive being transferred from JS to C++ and back to JS, possibly crossing multiple thread boundaries (service worker acting as a payment handler). Or, in the case where the payment handler is a Android native app, that might be JS to Java, and then back to JS. 

> If this is what we want then we should get consensus from all the browser vendors that this is a good idea

Microsoft, Google, Mozilla are having this discussion right here - and I'm sure our friends at Opera, Samsung, and Facebook are watching (Hai friends!). It doesn't get any more "browser vendor consensus" than that... well, unless we somehow drag Apple in here 😛

> AND that they will support new payment methods that come along and define new payment method specific data formats.

Sure. Why would anyone **not** support and define new standardized PMIs where they would benefit users? That's the whole point of standardizing the short strings. Like any other part of the web platform, they require backing from browser vendors before they can actually be standardized.

Let me be absolutely clear: **If a short string doesn't have support from implementers (i.e., doesn't ship in 2+ browsers), then it can't ever become a web standard. Same as any other thing in the platform.** If you are suggesting minting arbitrary short strings, and then complaining that no one supports them, then you need to check your assumptions. W3C standards are "Recommendations" - no one is obliged to support any of them. However, it's still possible for a browser to support non-standardized PMIs via URLs and the Payment Handler spec. 



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-methods-card/pull/23#discussion_r118862436

Received on Monday, 29 May 2017 03:44:29 UTC