- From: ianbjacobs <notifications@github.com>
- Date: Thu, 16 Apr 2020 06:29:37 -0700
- To: w3c/payment-handler <payment-handler@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 16 April 2020 13:29:50 UTC
@ianbjacobs commented on this pull request.
> @@ -2445,6 +2445,22 @@ <h2>
</li>
</ul>
</section>
+ <section>
+ <h2>
+ User Awareness about Sharing Data Cross-Origin
+ </h2>
+ <ul>
+ <li>By design, a payment handler from one origin shares data with
+ another origin (e.g., the merchant site).
+ </li>
+ <li>It is important that user agents make clear to users the origin
+ of a payment handler.
+ </li>
+ <li>User agents should help users understand that they are sharing
Added rationale: to mitigate phishing attacks
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-handler/pull/366#discussion_r409555982
Received on Thursday, 16 April 2020 13:29:50 UTC