Re: [w3c/browser-payment-api] Spec prohibits currency validation but doesn't define what it is (#175)

This kind of requirement for user agents to not validate something is typically the kind of thing we would ignore in implementation. It is a common practice to do some kind of validation on all untrusted input. For example, if somebody passes in a huge multi-megabyte string for currency code then we will probably reject the call. We might also want to interpret the currency amount to do something in the user interface (e.g., not everyone knows that GBP is the same as £).

I propose that we remove this clause from the spec.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/175#issuecomment-215775587

Received on Friday, 29 April 2016 15:57:17 UTC