Re: [w3c/webpayments-payment-apps-api] Payment app identifier to manifest filename mapping (#48)

Browser security is built around the idea that there are parts of the UI under the site's control, and therefore to be trusted as much as you trust the site, and parts that are under the browser's control, and to be trusted as much as you trust the browser.

For instance, if the site says "I am secure", you trust this less than if the browser says "this site is secure".

What we're talking about is a new UI flow, where multiple origins are represented in the same space, controlled by the browser. This thread seems to be suggesting that the current origin would get to choose which origins appear here, and those origins would control how they appear here (text, icon).

So now we're mixing the model up. Origins are being presented to the user, by the browser, for the first time, on their terms. It will appear like my browser (not the site) is suggesting I use "PayPal", but it is in fact evil.com pretending to be PayPal.

Given that we do not allow origin-controlled text into permission prompts, I'm not sure we should be OK with this.

Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments-payment-apps-api/issues/48#issuecomment-274413430

Received on Monday, 23 January 2017 06:56:58 UTC