Contact emailsrous...@chromium.org, smcgr...@chromium.org Summary
PaymentInstruments <https://w3c.github.io/payment-handler/#paymentinstruments-interface> is the Web API that backs non-JIT install of payment apps (see https://w3c.github.io/payment-handler/). It was designed with the assumption that the browser would store the actual payment instrument details, which has not turned out to be true, and has some privacy leaks. It also has not shipped on any other browser, not have we seen any interest from other browser vendors. As such, we are interested in deprecating and removing the API. Blink componentBlink>Payments <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPayments> Motivation The PaymentInstruments.set() method allows an attacker website to store arbitrary data, which can later be retrieved via PaymentInstruments.get() potentially in a third-party context. For example, the user visits https://tracker.example, which generates and stores a UUID for that user via PaymentInstruments.set(key, UUID). Later, the user visits https://site.example, which opens an iframe for https://tracker.example. That iframe calls PaymentInstruments.get(key) and can retrieve the UUID, thus allowing https://tracker.example to know which user it is. Given the lack of uptake in PaymentInstruments.set(), versus the more common JIT-install path, as well as the overly powerful nature of the API, we propose to remove PaymentInstruments entirely. (PaymentInstruments was designed with the belief that the browser would know about individual payment methods (e.g., credit cards) rather than payment apps, hence the need to store/retrieve arbitrary information.) TAG review statusNot applicable Risks Interoperability and Compatibility*Gecko*: Does not implement the Payment Handler API. *WebKit*: Does not implement the Payment Handler API. *Web developers*: No signals *Other signals*: Metrics of API usage show little to no uptake (< 0.00010 % page loads) PaymentInstruments - https://chromestatus.com/metrics/feature/timeline/popularity/4229 PaymentInstruments.clear - https://chromestatus.com/metrics/feature/timeline/popularity/4230 PaymentInstruments.delete - https://chromestatus.com/metrics/feature/timeline/popularity/4231 PaymentInstruments.get - https://chromestatus.com/metrics/feature/timeline/popularity/4232 PaymentInstruments.has - https://chromestatus.com/metrics/feature/timeline/popularity/4233 PaymentInstruments.keys - https://chromestatus.com/metrics/feature/timeline/popularity/4234 PaymentInstruments.set - https://chromestatus.com/metrics/feature/timeline/popularity/4235 WebView application risksPayment Handler API is not implemented in WebView. Debuggability Standard DevTools debugging. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Yes - https://wpt.fyi/results/payment-handler/payment-instruments.https.html Requires code in //chrome?False Tracking bughttps://crbug.com/1327265 Launch bughttps://crbug.com/1363633 Estimated milestones Would like to remove in M108. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5099285054488576 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAMMzaWGzus%3DU48U06m-gk7_2G6Wnhn59UJXLi9xW9uz5%2BEWQuA%40mail.gmail.com.
