Re: [w3c/payment-request] Editorial: describe security mitigations #675 (#683)

stpeter commented on this pull request.



> +          end-user.
+          </li>
+          <li>Interfaces are <a data-cite=
+          "WEBIDL#dfn-available-only-in-secure-contexts">available only in a
+          secure context</a>, to reduce the possibly that credentials will be
+          acquired and transferrer through insecure communication protocols.
+          </li>
+          <li>A <a>top-level browsing context</a> need to explicitly grant an
+          <a>iframe</a> the ability to access the <a>PaymentRequest</a>
+          interface via the <a>allowpaymentrequest</a> attribute. This prevents
+          embedded third-party content from accessing the interfaces of the
+          <cite>Payment Request API</cite> without the <a>top-level browsing
+          context</a>'s permission.
+          </li>
+          <li>In the definition of <a>canMakePayment()</a> the Working Group
+          seeks a balance between user experience and date protection. As

s/date/data/

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/683#pullrequestreview-96343018

Received on Tuesday, 13 February 2018 23:44:15 UTC