Re: [w3c/payment-request] Editorial: describe security mitigations #675 (#683) from Peter Saint-Andre on 2018-02-13 (public-webpayments-specs@w3.org from February 2018)

From: Peter Saint-Andre <notifications@github.com>
Date: Tue, 13 Feb 2018 23:40:31 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/pull/683/review/96342451@github.com>

stpeter commented on this pull request.



> @@ -3325,6 +3323,49 @@ <h2>
       <h2>
         Security Considerations
       </h2>
+      <section class="informative">
+        <h2 id="sec-enhancements">
+          Mechanisms to enhance security
+        </h2>
+        <p>
+          This specification includes a number of mechanisms to enhance the
+          security of the API:
+        </p>
+        <ul data-link-for="PaymentRequest">
+          <li>The <a>PaymentRquest</a>'s <a>show()</a> method needs to
+          <a>triggered by user activation</a>. This reduces content's ability

Should we point to https://html.spec.whatwg.org/multipage/interaction.html#activation here?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/683#pullrequestreview-96342451

Received on Tuesday, 13 February 2018 23:46:04 UTC