Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions

Jump to navigation Jump to search

Firefox/Features/Web Payments/Privacy & Security Considerations (view source)

Revision as of 23:07, 27 June 2018

174 bytes added ,  27 June 2018
→‎Data Validation: added further guidelines
(→‎Information Leakage: more clarifications)
(→‎Data Validation: added further guidelines)
Line 75: Line 75:


* PaymentItem label values (e.g., products in a shopping cart)
* PaymentItem label values (e.g., products in a shopping cart)
* The web origin of the merchant website (which could include mixed scripts or bidirectional domain labels)
* The web origin of the merchant website (which could include mixed scripts, bidirectional domain labels, confusable characters, etc.)
* Error strings, especially generic error message
* Error strings, especially generic error message


Firefox should validate and sanitize all untrusted strings, for instance by limiting the display length (e.g., truncate to 64 bytes or fewer, as is done for relying part names in the [https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API Web Authentication API]).
Firefox should validate and sanitize all untrusted strings, for instance by limiting their display length (e.g., truncate to 64 bytes or fewer, as is done for relying party names in the [https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API Web Authentication API]), always using UI elements to provide a clear boundary around these strings, not allowing these UI elements to overflow into other elements, etc.


== User Interaction ==
== User Interaction ==
Stpeter
58

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1196364"

Navigation menu