There are certain risks associated with free text, some of which are elaborated in threads like these (though not entirely): [https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253](https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253)
I probably won't be able to convince the authors to remove the free text `description` property from the metadata, which is defined as "A human-readable description for the type, intended for developers reading the JSON document." So at least it would be great if security considerations for free text can be added.
Thanks.
I'm not sure... While the risk is real, so are many other risks. It's 2024 and developers should have learned not to trust information. We also don't consider warning people of SQL injection attacks via JSON metadata files. But maybe we should?
Anyway and nonetheless, to see what it would look like, I drafted a PR: #262