- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 27 Jun 2018 16:41:38 +0000
- To: public-webauthn@w3.org
thx @stpeter & @aphillips Ok, so if I interpret the above comments correctly, having the guidance in the spec whereas servers and clients SHOULD apply PRECIS to those name-ish strings, is nominally OK? WRT the other portion of issue #593 .. > 2. providing implementer guidance regarding how to display/present these string values in order to mitigate effects of possibly malicious string content. ..we could as @jcjones suggests concoct some modest _guidance/advice_ to "...always use UI elements to provide a clear boundary around these strings, and **not allow overflow into other elements**, etc." ? (the latter is [the crux of the feedback](https://github.com/w3c/webauthn/issues/593#issuecomment-369402225) that @jcjones got from @zbraniecki) -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/pull/951#issuecomment-400747725 using your GitHub account
Received on Wednesday, 27 June 2018 16:41:43 UTC