CollectedClientData serialization is confusing WebIDL and/or Infra values for ECMAScript values #2056

Open
petervanderbeken opened this issue Apr 15, 2024 · 0 comments

petervanderbeken commented Apr 15, 2024

https://www.w3.org/TR/webauthn-3/#clientdatajson-serialization ends up calling ECMAScript operations on WebIDL and/or Infra values.

For example:

  1. Append CCDToString(type) to result.

Here type is a WebIDL value, of type DOMString. If we look at CCDToString it does:

  1. Invoke ToString on the given object to convert to a string.

Invoking ToString on a DOMString is not defined; it expects an ECMAScript value. This should probably use the Infra algorithm to serialize an Infra value to JSON bytes.

Another example is step 14.1:

  1. Invoke serialize JSON to bytes on the temporary copy to produce a byte string remainder.

The temporary copy is created in step 12:

  1. Create a temporary copy of the CollectedClientData and remove the fields type, challenge, origin, crossOrigin (if present), and topOrigin (if present).

Nothing really defines how that should work, I think; it would be clearer if it used Infra operations like https://infra.spec.whatwg.org/#map-clone and https://infra.spec.whatwg.org/#map-remove on the WebIDL dictionary (which is an ordered map). It can then again use the Infra algorithms to convert the map (as opposed to a JavaScript value) to JSON.
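
The serialization discussed in this issue, written over an ordered map of plain strings and booleans instead of arbitrary ECMAScript values. This is an added example, not part of the issue or the spec text: the function names are hypothetical, the `Map` stands in for the WebIDL dictionary, and the fixed field order and escaping rules are taken from the linked specification section.

```javascript
// Added illustration; the Map stands in for the WebIDL dictionary viewed as
// an Infra ordered map, and all function names here are hypothetical.
const utf8 = new TextEncoder();
const FIXED_KEYS = ["type", "challenge", "origin", "crossOrigin", "topOrigin"];

// CCDToString's escaping applied to a value that must already be a string,
// so no ECMAScript ToString coercion (and no user-defined toString) runs.
function ccdString(value) {
  if (typeof value !== "string") throw new TypeError("expected a string");
  let out = '"';
  for (const ch of value) {                 // iterate by code point
    const cp = ch.codePointAt(0);
    if (cp === 0x22) out += '\\"';
    else if (cp === 0x5c) out += "\\\\";
    else if (cp < 0x20) out += "\\u" + cp.toString(16).padStart(4, "0");
    else out += ch;                         // UTF-8 encoded at the end
  }
  return out + '"';
}

function serializeClientData(ccd) {
  let text = '{"type":' + ccdString(ccd.get("type")) +
    ',"challenge":' + ccdString(ccd.get("challenge")) +
    ',"origin":' + ccdString(ccd.get("origin")) +
    ',"crossOrigin":' + (ccd.get("crossOrigin") === true ? "true" : "false");
  if (ccd.has("topOrigin")) {
    text += ',"topOrigin":' + ccdString(ccd.get("topOrigin"));
  }
  const rest = new Map(ccd);                      // Infra "map clone"
  for (const key of FIXED_KEYS) rest.delete(key); // Infra "map remove"
  if (rest.size === 0) return utf8.encode(text + "}");
  // Serialize only the remaining entries, then drop the leading "{".
  const remainder = JSON.stringify(Object.fromEntries(rest));
  return utf8.encode(text + "," + remainder.slice(1));
}
```

Because the output prefix is byte-exact for a given map, a relying party that compares the leading bytes of clientDataJSON gets the same result regardless of how the caller's JavaScript objects would have stringified.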
