New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
9.10.1 The push() method doesn't mention how record data is verified #277
Comments
9.10.1 Step 10.14. .. ah too much nesting, basically this step ->
Did you mean "overflow" errors? Like developer trying to push more than tag capacity ? |
10.8 of https://w3c.github.io/web-nfc/#the-push-method states:
And 'create Web NFC message' process verifies data of |
Right now the implementation (and the underlying platform) decide what to do with the input received from a web page. I suggest we factor out from the push steps the "validate NDEFMessage" steps, eventually relying on "validate NDEFRecord" steps. |
Please do! 👍 |
Signed-off-by: Zoltan Kis <zoltan.kis@intel.com>
Might be still valid, reopening until confirmed. |
@zolkis Can we close it or is this issue still valid? |
As to the opening comment, I think the algorithms do deal with bogus input (since they react only on valid values and throw otherwise). But it would be good to have a second look at it, maybe @leonhsl could you check the "create" algorithms and close the issue if it's the case? |
https://w3c.github.io/web-nfc/#creating-ndef-message is verifying various user input, in this respect I think we can close this one. |
Like it just states that things should be of type NFCMessageInit, but there is no verification that for instance recordType isn't set to bogus values like "blah-blah". It seems pretty vague, and just trusts that people look at the data mapping table and known how to follow that, but it doesn't even refer to that today
I wonder how we implemented this
The text was updated successfully, but these errors were encountered: