Should a website be able to provide a label for the "Buy" or "Checkout" button displayed in the payment app? #66
Comments
👎 unless we have a pre-defined set of verbs the payee can choose from or these are automatically inferred by the payment app based on the terms of the request. The ability for the entity requesting payment to manipulate the user interface presented to the payer should be considered VERY carefully. This is heavily locked down in many existing payment systems today for good reason. EXAMPLE: A developer writing custom firmware for physical card acceptance devices is unable to use custom prompts when the device is requesting input from the user. The reasoning is that the developer could publish a malicious application that prompts a user to input their PIN when the data is not being captured securely and the developer is therefore able to steal the user's PIN. This is a well-understood attack vector in a very mature payments system. Allowing payees to control the input/prompts presented to users in our far more open and flexible system may expose the user to attacks we can't even imagine today. I would suggest 3 alternatives (with preference for the first):
|
Is there danger that if we attempt to define these "terms" it will run On Mon, Jan 25, 2016 at 7:58 AM, Adrian Hope-Bailie <
-Shane |
I prefer that the browser has the control of the UI strings, including the button label. I expect Chrome's UI to always default to a single generic term, for example "Pay", "Buy", or "Authorize". |
+1 to Rouslan’s suggestion.
|
Migrated to w3c/payment-request#56. @adrianhopebailie, this is your issue, please close it if you feel that w3c/payment-request#56 should be the new home for this issue. |
Have picked this up in the new thread. |
Migrated from: https://github.com/WICG/paymentrequest/issues/46
@adrianba:
@mattsaxon:
@ianbjacobs: