W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Display name content rules?

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Thu, 14 Jun 2018 17:39:55 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-397378715-1528997993-sysbot+gh@w3.org>
Ok, it seems there are two facets to this issue: 
1. corralling the unicode content of the "name"-ish domstrings
2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content.

PR #951 is an attempt to address (1) and is an alternative to pr #878.

I have done some modest searching around WHATWG and W3C specs regarding how one might specify guidance per @jcjones's [suggestion above](https://github.com/w3c/webauthn/issues/593#issuecomment-369402225) of "[advise] to always use UI elements to provide a clear boundary around these strings, and not allow overflow into other elements, etc..."


-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/593#issuecomment-397378715 using your GitHub account
Received on Thursday, 14 June 2018 17:39:58 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC