- From: Charles McCathieNevile <chaals@opera.com>
- Date: Tue, 19 Jun 2012 10:10:36 +0200
- To: public-webapps@w3.org, "Alex MacCaw" <maccman@gmail.com>
On Sat, 16 Jun 2012 06:05:35 +0200, Alex MacCaw <maccman@gmail.com> wrote:
> I've been working on a way of integrating one-click payments (and signup)
> into the browser, and I wanted to put it in front of a few people to get
> some feedback.
>
> The API I was playing about with was pretty simple, and is documented
> here:
>
> http://blog.alexmaccaw.com/preview/MjQxMDcwOTcwNjAYz14YvbdZWrrVg
(that link seems to go nowhere except the front of your blog)
> It's basically an API to autocomplete data, already stored in the browser
> and containing things like credit card number and name.
>
> For example:
>
> navigator.requestProfile(['firstName', 'email', 'cardNumber'], function(
> profile){ console.log('Your name is:', profile.firstName); /* ... */ });
So it seems you are just using an API to support autocomplete, but with
magic tokens as well as the browser heuristics that are normally used.
This seems to introduce a lot of UI security issues (asking for data for
hidden form fields or fields that are out of the rendering view, ...).
cheers
Chaals
> I've also created a Chrome
> extension<https://github.com/maccman/request-profile> demonstrating
> the API. I think the key thing to getting adoption for something like
> this
> is to keep it really simple.
>
> Cheers,
> Alex
>
--
Charles 'chaals' McCathieNevile Opera Software, Standards Group
je parle français -- hablo español -- jeg kan noen norsk
http://my.opera.com/chaals Try Opera: http://www.opera.com
Received on Tuesday, 19 June 2012 08:11:08 UTC