Issue 642767 link

Starred by 1 user

Issue metadata

Status:	Assigned
Owner:	mahmadi@chromium.org
Cc:	ios-bugs@chromium.org
Components:	UI>Browser>Payments
EstimatedDays:	----
NextAction:	----
OS:	iOS
Pri:	3
Type:	Feature

Implement defensive limits on the size of Payment Request API inputs

Project Member Reported by jdonnelly@chromium.org, Aug 31 2016

Issue description

Performance problems or degenerate UI cases could be caused by excessively large inputs from malicious or malfunctioning pages. To protect against this, we should limit the size of all variable-length inputs (methodData, supportedMethods, shippingOptions, etc.) that we're willing to handle. This limit should be high so as to not preclude any possible practical use.

Comment 1 by rouslan@chromium.org, Aug 31 2016

Labels: -Type-Bug Type-Feature
Owner: rouslan@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by jdonnelly@chromium.org, Jun 6 2017

Cc: -jdonnelly@chromium.org

Comment 3 by rouslan@chromium.org, Jun 8 2017

Cc: -rouslan@chromium.org
Labels: -OS-Android
Owner: mahmadi@chromium.org

Already implemented in Android. Still need for iOS.

Comment 4 by lafo...@chromium.org, Jun 27 2017

Components: -UI>Browser>Autofill>Payments UI>Browser>Payments

►

Issue 642767 link

Issue metadata

Implement defensive limits on the size of Payment Request API inputs

Issue description

Comment 1 by rouslan@chromium.org, Aug 31 2016

Comment 1 Deleted

Comment 2 by jdonnelly@chromium.org, Jun 6 2017

Comment 2 Deleted

Comment 3 by rouslan@chromium.org, Jun 8 2017

Comment 3 Deleted

Comment 4 by lafo...@chromium.org, Jun 27 2017

Comment 4 Deleted

Sign in to add a comment