Re: [w3ctag/design-reviews] Notification Inline Replies (#284) from Hadley Beeman on 2018-07-10 (public-webapps-github@w3.org from July 2018)

From: Hadley Beeman <notifications@github.com>
Date: Tue, 10 Jul 2018 08:34:19 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/284/403866850@github.com>

Thanks, Anita!  Looks like you're making significant progress. 

One note though: it seems that there are two opportunities for spoofing and phishing in this.  One, as you've covered thoroughly, is the source of the notification. It is definitely important that the user can see where the notification is coming from. 

Equally worrisome though is the destination of the text the user is entering in the inline reply. We wouldn't want users to send sensitive information to the wrong or misleading destination URL.  What are your thoughts on how best to deal with that possibility? 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/284#issuecomment-403866850

Received on Tuesday, 10 July 2018 15:34:44 UTC