Free text in description. #259
Labels
Comments
|
I'm not sure... While the risk is real, so are many other risks. It's 2024 and developers should have learned not to trust information. We also don't consider warning people of SQL injection attacks via JSON metadata files. But maybe we should? Anyway and nonetheless, to see what it would look like, I drafted a PR: #262 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are certain risks associated with free text, some of which are elaborated in threads like these (though not entirely) [https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253(https://github.com/openid/OpenID4VP/pull/220#discussion_r1696310253)
I probably won't be able to convince the authors in removing the free text
descriptionproperty from the metadata, which is defined asA human-readable description for the type, intended for developers reading the JSON document.So at least would be great if security considerations for free text can be added.Thanks.
The text was updated successfully, but these errors were encountered: