Re: Request Web Security review of Gamepad API from Florian Bösch on 2018-05-18 (public-webapps@w3.org from April to June 2018)

From: Florian Bösch <pyalot@gmail.com>
Date: Fri, 18 May 2018 21:48:07 +0200
To: Tom Ritter <tom@ritter.vg>
Cc: Léonie Watson <tink@tink.uk>, Webapps WG <public-webapps@w3.org>
Message-ID: <CAOK8ODif8JOWuWT4srEHCei7yr9TAkH6PGz__DOG2x=gCGq1UA@mail.gmail.com>

I'd actually ask to separate and formalize the "id" attribute such that:

   - vendor_id -> a hexadecimal uppercase string
   - device_id -> a hexadecimal uppercase string

So that we don't have a huge range of permutations such as:

   - device ID first and then vendor ID
   - vendor ID first and then device ID
   - separated
      - with a dash
      - with a space
      - with a slash
      - etc....
   - not separated
   - etc....
   - etc.


On Fri, May 18, 2018 at 9:44 PM, Florian Bösch <pyalot@gmail.com> wrote:

> On Fri, May 18, 2018 at 9:38 PM, Tom Ritter <tom@ritter.vg> wrote:
>
>> It's the Product Name that seems dangerous (and non-standard).
>>
>
> You usually display the product name (if you get any) to the user instead
> of hexadecimal IDs (cause users aren't good at consulting USB vendor/device
> databases to figure out what the application tells them it is they have
> connected).
>

Received on Friday, 18 May 2018 19:48:34 UTC