Intent to Implement: Reject PaymentRequest.show with SecurityError DOMException if it is not triggered by user activation

87 views

Skip to first unread message

Ganggui Tang

unread,

Mar 26, 2018, 10:52:37 AM3/26/18

to blin...@chromium.org, PaymentRequest

Contact emails goge...@chromium.org, rou...@chromium.org

Spec https://www.w3.org/TR/payment-request/#show-method Summary Allow PaymentRequest.show can be triggered without user activation could be abused by malicious websites. To protect users, the spec has been changed to require user activation. Motivation

Protect users from unintended PaymentRequest.show.

Interoperability risk Firefox: In development Edge: No public signals Safari: Shipped Web developers: No signals Compatibility risk

This may require web developers change their implementations. Ongoing technical constraints

None Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes or no.

Yes OWP launch tracking bug https://crbug.com/825270 Link to entry on the Chrome Platform Status https://www.chromestatus.com/features/5948593429020672 Requesting approval to ship?

Reply all

Reply to author

Forward

0 new messages