- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 10 May 2016 09:37:13 -0400
- To: Adam Roach <abr@mozilla.com>, Ian Jacobs <ij@w3.org>
- Cc: Adrian Bateman <adrianba@microsoft.com>, Web Payments Working Group <public-payments-wg@w3.org>
On 05/10/2016 09:29 AM, Adam Roach wrote: > On 5/10/16 08:16, Ian Jacobs wrote: >> Today if I type information (e.g., shipping address) in a form field, does that change the DOM and thus the merchant has access to the information immediately as well? >> >> I am wondering whether the behavior you describe for paymentRequest differs significantly from today’s form-based approach. (I say “I am wondering” because I think >> you have a better grasp than I do.) > > Yes, it certainly does have access. But there's a somewhat different > mental model between "I entered data into merchant.com's web page, so > merchant.com has access to it" and "I entered data into Bobpay's payment > app, so merchant.com has access to it, even if I never submitted it." To be clear, I don't believe the latter represents the current API design. The shipping information (at least the information that is reported via `onshippingaddresschange`) isn't entered into a Payment App, but into a special checkout UI provided by the browser. However, it is correct that it is not entered via a page on merchant.com. I think this may better capture what's going on: "I entered data into a 'special browser checkout UI', so merchant.com has access to it, even if I never submitted it." -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Tuesday, 10 May 2016 13:39:53 UTC