Re: [w3c/payment-request] Editorial: describe security mitigations #675 (#683)

stpeter commented on this pull request.



> +          Mechanisms to enhance security
+        </h2>
+        <p>
+          This specification includes a number of mechanisms to enhance the
+          security of the API:
+        </p>
+        <ul data-link-for="PaymentRequest">
+          <li>The <a>PaymentRquest</a>'s <a>show()</a> method needs to
+          <a>triggered by user activation</a>. This reduces content's ability
+          to unexpectedly cause a request for payment to be displayed to the
+          end-user.
+          </li>
+          <li>Interfaces are <a data-cite=
+          "WEBIDL#dfn-available-only-in-secure-contexts">available only in a
+          secure context</a>, to reduce the possibly that credentials will be
+          acquired and transferrer through insecure communication protocols.

s/transferrer/transferred/

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/pull/683#pullrequestreview-96342651

Received on Wednesday, 14 February 2018 10:57:07 UTC