Re: [webauthn] Display name content rules?

Ok, it seems there are two facets to this issue: 
1. corralling the unicode content of the "name"-ish domstrings
2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

PR #951 is an attempt to address (1) and is an alternative to pr #878.

I have done some modest searching around WHATWG and W3C specs regarding how one might specify guidance per @jcjones's [suggestion above]( of "[advise] to always use UI elements to provide a clear boundary around these strings, and not allow overflow into other elements, etc..."

GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at using your GitHub account

Received on Thursday, 14 June 2018 17:39:58 UTC