Re: [webauthn] truncation to 64-byte upper limit doesn't mention character boundaries

Truncating UTF-8 strings on "random" byte boundaries creates buffers containing corrupt data.

Truncating character strings on (some) boundaries that are not EGC boundaries may create data that cannot be properly rendered (and/or may look like a different character string).

As to the former, the goal of any specification should be a robust architecture that avoids the creation, or worse, interchange of corrupt data. Looks like the L1 level fails that, despite the fact that enforcing validity on UTF-8 strings is not a complex task.

From a user interaction, the goal should be to prevent display of "broken" or misleading data. That includes feedback on whether a string has been truncated.

Admittedly, getting that part correct drags in something like extended grapheme clusters. But also the need to communicate whether truncation has taken place.



-- 
GitHub Notification of comment by asmusf
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/973#issuecomment-404382376 using your GitHub account

Received on Thursday, 12 July 2018 04:02:30 UTC
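
The three outcomes discussed in the comment above, as an added example that is not part of the original message or of the WebAuthn specification: a cut on an arbitrary byte boundary, a cut on a code point boundary, and a cut on an extended grapheme cluster boundary, each against the 64-byte limit, with a flag reporting whether truncation happened. The function names and the sample string are constructed for illustration, and `Intl.Segmenter` is assumed to be available in the runtime.

```javascript
const encoder = new TextEncoder();

// Constructed sample: 58 ASCII bytes followed by one family emoji
// (man + ZWJ + woman + ZWJ + girl = 18 bytes, a single grapheme cluster).
const SAMPLE = "a".repeat(58) + "\u{1F468}\u200D\u{1F469}\u200D\u{1F467}";

// Naive cut: slice the encoded bytes at the limit, wherever that lands.
function truncateBytesNaive(str, maxBytes) {
  return encoder.encode(str).slice(0, maxBytes);
}

// True when the buffer is well-formed UTF-8.
function isValidUtf8(bytes) {
  try {
    new TextDecoder("utf-8", { fatal: true }).decode(bytes);
    return true;
  } catch {
    return false;
  }
}

// Keep only whole units ("codepoint" or "grapheme") that fit in maxBytes,
// and report whether anything was dropped so the caller can tell the user.
function truncateUtf8(str, maxBytes, unit = "grapheme") {
  const units = unit === "grapheme"
    ? Array.from(
        new Intl.Segmenter(undefined, { granularity: "grapheme" }).segment(str),
        (s) => s.segment)
    : Array.from(str); // the string iterator yields whole code points
  let value = "";
  let byteLength = 0;
  for (const u of units) {
    const len = encoder.encode(u).length;
    if (byteLength + len > maxBytes) {
      return { value, byteLength, truncated: true };
    }
    value += u;
    byteLength += len;
  }
  return { value, byteLength, truncated: false };
}
```

On `SAMPLE`, the naive cut ends inside the first zero-width joiner and is not valid UTF-8; the code point cut is valid but leaves a lone man emoji where the family emoji was; the grapheme cut drops the whole cluster.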