Re: Request Web Security review of Gamepad API

I'd actually ask to separate and formalize the "id" attribute such that:

   - vendor_id -> a hexadecimal uppercase string
   - device_id -> a hexadecimal uppercase string

So that we don't have a huge range of permutations such as:

   - device ID first and then vendor ID
   - vendor ID first and then device ID
   - separated
      - with a dash
      - with a space
      - with a slash
      - etc....
   - not separated
   - etc....
   - etc.


On Fri, May 18, 2018 at 9:44 PM, Florian Bösch <pyalot@gmail.com> wrote:

> On Fri, May 18, 2018 at 9:38 PM, Tom Ritter <tom@ritter.vg> wrote:
>
>> It's the Product Name that seems dangerous (and non-standard).
>>
>
> You usually display the product name (if you get any) to the user instead
> of hexadecimal IDs (cause users aren't good at consulting USB vendor/device
> databases to figure out what the application tells them it is they have
> connected).
>

Received on Friday, 18 May 2018 19:48:34 UTC