From 467ac72b80017990035a871020af301bbf022d8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Fri, 6 Dec 2019 16:22:33 +1100 Subject: [PATCH 1/5] fix: use new user activation model --- index.html | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 94aa8274..25a6763e 100644 --- a/index.html +++ b/index.html @@ -956,11 +956,14 @@

follows:

    +
  1. Let |window:Window| be the [=relevant global object=] of the + [=environment settings object/responsible document=]. +
  2. - If the method was not triggered by user activation, return - a promise rejected with with a {{"SecurityError"}} - {{DOMException}}. + If the method was not triggered by transient activation, or + the |window|'s transient activation has expired, return [=a + promise rejected with=] with a {{"SecurityError"}} {{DOMException}}.
  3. Let |request:PaymentRequest| be the context object.
    4. @@ -5129,8 +5132,8 @@

    To help ensure that users do not inadvertently share sensitive credentials with an origin, this API requires that PaymentRequest's - show() method be triggered by user activation (e.g., - via a click or press). + show() method be triggered by transient activation + (e.g., via a click or press).

    To avoid a confusing user experience, this specification limits the From 798f6d79ece4910202feda84cf37d672fadb3e97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Fri, 6 Dec 2019 16:29:17 +1100 Subject: [PATCH 2/5] Some nits --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 25a6763e..f3553691 100644 --- a/index.html +++ b/index.html @@ -961,9 +961,9 @@

  4. - If the method was not triggered by transient activation, or - the |window|'s transient activation has expired, return [=a - promise rejected with=] with a {{"SecurityError"}} {{DOMException}}. + If the method was not triggered by [=transient activation=], or the + |window|'s [=transient activation=] has expired, return [=a promise + rejected with=] with a {{"SecurityError"}} {{DOMException}}.
  5. Let |request:PaymentRequest| be the context object.
    6. @@ -5132,8 +5132,8 @@

    To help ensure that users do not inadvertently share sensitive credentials with an origin, this API requires that PaymentRequest's - show() method be triggered by transient activation - (e.g., via a click or press). + show() method be triggered by [=transient activation=] (e.g., + via a click or press).

    To avoid a confusing user experience, this specification limits the From 31cb9ae963113390777d4b6726e4610c7a44b537 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Fri, 6 Dec 2019 16:39:32 +1100 Subject: [PATCH 3/5] Simplify further --- index.html | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index f3553691..a25f6fba 100644 --- a/index.html +++ b/index.html @@ -961,9 +961,8 @@

  6. - If the method was not triggered by [=transient activation=], or the - |window|'s [=transient activation=] has expired, return [=a promise - rejected with=] with a {{"SecurityError"}} {{DOMException}}. + If |window| does not have [=transient activation=], return [=a + promise rejected with=] with a {{"SecurityError"}} {{DOMException}}.
  7. Let |request:PaymentRequest| be the context object.
    8. From 80caf3b1534847bf95af4673af3e9500367a7bf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Mon, 9 Dec 2019 22:17:06 +1100 Subject: [PATCH 4/5] Maybe address review feedback --- index.html | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/index.html b/index.html index a25f6fba..3770c92c 100644 --- a/index.html +++ b/index.html @@ -956,13 +956,11 @@

    follows:

      -
    1. Let |window:Window| be the [=relevant global object=] of the - [=environment settings object/responsible document=]. -
    2. - If |window| does not have [=transient activation=], return [=a - promise rejected with=] with a {{"SecurityError"}} {{DOMException}}. + If the [=relevant global object=] does not have [=transient + activation=], return [=a promise rejected with=] with a + {{"SecurityError"}} {{DOMException}}.
    3. Let |request:PaymentRequest| be the context object.
      4. @@ -5131,8 +5129,8 @@

      To help ensure that users do not inadvertently share sensitive credentials with an origin, this API requires that PaymentRequest's - show() method be triggered by [=transient activation=] (e.g., - via a click or press). + show() method be invoked while the relevant {{Window}} has + [=transient activation=] (e.g., via a click or press).

      To avoid a confusing user experience, this specification limits the From ca9f2b0ff2da37f88c075d50c2d2d24166f54f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Wed, 11 Dec 2019 01:26:39 +1100 Subject: [PATCH 5/5] Assocaite relevant global object to *this* --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 3770c92c..4361e8ab 100644 --- a/index.html +++ b/index.html @@ -958,8 +958,8 @@

      1. - If the [=relevant global object=] does not have [=transient - activation=], return [=a promise rejected with=] with a + If the [=relevant global object=] of [=this=] does not have + [=transient activation=], return [=a promise rejected with=] with a {{"SecurityError"}} {{DOMException}}.
      2. Let |request:PaymentRequest| be the context object.