Ok, it seems there are two facets to this issue: 1. corralling the unicode content of the "name"-ish domstrings 2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content. PR #951 is an attempt to address (1) and is an alternative to pr #878. I have done some modest searching around WHATWG and W3C specs regarding how one might specify guidance per @jcjones's [suggestion above](https://github.com/w3c/webauthn/issues/593#issuecomment-369402225) of "[advise] to always use UI elements to provide a clear boundary around these strings, and not allow overflow into other elements, etc..." -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/593#issuecomment-397378715 using your GitHub accountReceived on Thursday, 14 June 2018 17:39:58 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC