- From: Peter Saint-Andre <notifications@github.com>
- Date: Tue, 13 Feb 2018 15:40:59 -0800
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 13 February 2018 23:41:54 UTC
stpeter commented on this pull request. > + <h2 id="sec-enhancements"> + Mechanisms to enhance security + </h2> + <p> + This specification includes a number of mechanisms to enhance the + security of the API: + </p> + <ul data-link-for="PaymentRequest"> + <li>The <a>PaymentRquest</a>'s <a>show()</a> method needs to + <a>triggered by user activation</a>. This reduces content's ability + to unexpectedly cause a request for payment to be displayed to the + end-user. + </li> + <li>Interfaces are <a data-cite= + "WEBIDL#dfn-available-only-in-secure-contexts">available only in a + secure context</a>, to reduce the possibly that credentials will be s/possibly/possibility/ -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/pull/683#pullrequestreview-96342547
Received on Tuesday, 13 February 2018 23:41:54 UTC