Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Free text in description. #259

Open
Sakurann opened this issue Oct 7, 2024 · 1 comment · May be fixed by #262
Open

Free text in description. #259

Sakurann opened this issue Oct 7, 2024 · 1 comment · May be fixed by #262
Labels

Comments

@Sakurann
Copy link
Collaborator

Sakurann commented Oct 7, 2024

There are certain risks associated with free text, some of which are elaborated in threads like these (though not entirely) [https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253(https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253)

I probably won't be able to convince the authors in removing the free text description property from the metadata, which is defined as A human-readable description for the type, intended for developers reading the JSON document. So at least would be great if security considerations for free text can be added.
Thanks.

@danielfett danielfett linked a pull request Oct 8, 2024 that will close this issue
@danielfett
Copy link
Member

I'm not sure... While the risk is real, so are many other risks. It's 2024 and developers should have learned not to trust information. We also don't consider warning people of SQL injection attacks via JSON metadata files. But maybe we should?

Anyway and nonetheless, to see what it would look like, I drafted a PR: #262

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants