Re: [w3c/manifest] Add guidance for user agents about how to prevent malicious localization strings (Issue #1150) from Daniel Murphy on 2024-10-31 (public-webapps-github@w3.org from October 2024)

From: Daniel Murphy <notifications@github.com>
Date: Thu, 31 Oct 2024 14:55:37 -0700
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/issues/1150/2450876195@github.com>

What if we decided to accomplish two things that are needed here, one is this warning, but also to make a very brief description of update:

## Algorithm to update manifest presentation

- Given two manifests old and new, who&#39;s computed app id are the same.
- The user agent will update the presentation of non-security-sensitive manifest members.
- The user agent may discard updates to presentation of security sensitive members.
- The user agent may require user consent or heuristics to allow updating presentation of security sensitive member.


## how this hooks in for localized stuff

When the user&#39;s system locale changes, run the update algorithm with &#39;old&#39; being the current manifest presentation, and &#39;new&#39; being the new presentation with the new system locale applied?



-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/1150#issuecomment-2450876195
You are receiving this because you are subscribed to this thread.

Message ID: &lt;w3c/manifest/issues/1150/2450876195@github.com&gt;

Received on Thursday, 31 October 2024 21:55:45 UTC