W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2018

Re: Request Web Security review of Gamepad API

From: Florian Bösch <pyalot@gmail.com>
Date: Fri, 18 May 2018 21:48:07 +0200
Message-ID: <CAOK8ODif8JOWuWT4srEHCei7yr9TAkH6PGz__DOG2x=gCGq1UA@mail.gmail.com>
To: Tom Ritter <tom@ritter.vg>
Cc: Léonie Watson <tink@tink.uk>, Webapps WG <public-webapps@w3.org>
I'd actually ask to separate and formalize the "id" attribute such that:

   - vendor_id -> a hexadecimal uppercase string
   - device_id -> a hexadecimal uppercase string

So that we don't have a huge range of permutations such as:

   - device ID first and then vendor ID
   - vendor ID first and then device ID
   - separated
      - with a dash
      - with a space
      - with a slash
      - etc....
   - not separated
   - etc....
   - etc.


On Fri, May 18, 2018 at 9:44 PM, Florian Bösch <pyalot@gmail.com> wrote:

> On Fri, May 18, 2018 at 9:38 PM, Tom Ritter <tom@ritter.vg> wrote:
>
>> It's the Product Name that seems dangerous (and non-standard).
>>
>
> You usually display the product name (if you get any) to the user instead
> of hexadecimal IDs (cause users aren't good at consulting USB vendor/device
> databases to figure out what the application tells them it is they have
> connected).
>
Received on Friday, 18 May 2018 19:48:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:15:14 UTC