[w3c/payment-request] "Exposing available payment methods" is confusing given the existence of canMakePayment() (#629)

A Chrome developer ended up confused by this section because it says

> The fact that a successful match to a payment method causes a user interface to be displayed mitigates the disclosure risk.

However, this is not true for "the payment request API" in general, only for paymentRequest.show(). In particular, canMakePayment() can be called without UI.

This section should be rewritten to be specific about what methods it's talking about, and additionally talk about canMakePayment()'s step 3 mitigations.

---

As a separate problem, the "may" requirements in this section are very bad, and should be moved to the show() method.

---

I can try to work on this "soon", but it's hard to guarantee availability for this week or next, so since it seems things are heading toward some sort of spec freeze, maybe someone else can help out here.

https://github.com/w3c/payment-request/issues/629

Received on Thursday, 21 September 2017 06:59:37 UTC
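The disclosure risk the issue describes comes from canMakePayment() answering without showing any UI, so a page could learn which payment methods a user has set up simply by asking. The mitigation the issue calls "step 3" is a user-agent-side quota on those answers. The block below is an added example, not code from the w3c/payment-request spec or from this issue: it models such a quota as a small JavaScript class (`CanMakePaymentQuota`, the 30-minute window, the keying by origin, the `NotAllowedError` name and the `demo()` scenario are all assumptions made for illustration) and shows how repeated queries with a different method list are refused while the same query is answered from cache.

```javascript
// Added example (not from the w3c/payment-request spec or issue #629):
// a user-agent-side model of the optional canMakePayment() quota that the
// issue refers to as "step 3". The window length, the per-origin keying
// and the error name are assumptions of this example.

const QUOTA_WINDOW_MS = 30 * 60 * 1000; // assumed: one answer per origin per 30 minutes

class CanMakePaymentQuota {
  // `now` is injectable so the scenario below can advance a fake clock.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.byOrigin = new Map(); // origin -> { methodKey, result, expires }
  }

  // Normalise the requested payment method identifiers so that reordering
  // the list does not look like a "new" query and bypass the quota.
  static methodKey(methodData) {
    return methodData.map(m => m.supportedMethods).sort().join("\n");
  }

  // Returns { ok: true, value, cached } when the answer may be given, or
  // { ok: false, error: "NotAllowedError" } when the quota refuses it.
  check(origin, methodData, isSupported) {
    const key = CanMakePaymentQuota.methodKey(methodData);
    const t = this.now();
    const entry = this.byOrigin.get(origin);

    if (entry && entry.expires > t) {
      // Same question within the window: repeat the earlier answer, which
      // leaks nothing new. A different question is refused outright.
      if (entry.methodKey === key) {
        return { ok: true, value: entry.result, cached: true };
      }
      return { ok: false, error: "NotAllowedError" };
    }

    // No live entry for this origin: compute the answer and start a window.
    const result = methodData.some(m => isSupported(m.supportedMethods));
    this.byOrigin.set(origin, { methodKey: key, result, expires: t + QUOTA_WINDOW_MS });
    return { ok: true, value: result, cached: false };
  }
}

// Constructed scenario: one origin asks about two different payment method
// identifiers. Only the first is "installed" for this (fictional) user.
function demo() {
  let clock = 0;
  const quota = new CanMakePaymentQuota(() => clock);
  const installed = new Set(["https://example.com/pay"]); // constructed
  const isSupported = id => installed.has(id);
  const origin = "https://merchant.example"; // constructed

  const steps = [];
  steps.push(quota.check(origin, [{ supportedMethods: "https://example.com/pay" }], isSupported));
  // Identical query: answered from cache, nothing new disclosed.
  steps.push(quota.check(origin, [{ supportedMethods: "https://example.com/pay" }], isSupported));
  // Different query inside the window: refused.
  steps.push(quota.check(origin, [{ supportedMethods: "https://other.example/pay" }], isSupported));
  // After the window expires the origin may ask once more.
  clock += QUOTA_WINDOW_MS + 1;
  steps.push(quota.check(origin, [{ supportedMethods: "https://other.example/pay" }], isSupported));
  return steps;
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of keying the cache on the normalised method list is that a quota which only counts calls would still let a page learn one bit per call; refusing any *different* question until the window closes is what bounds the disclosure to one answer per origin per window.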