Orie Steele
Orie Steele
I just joined, looks like the first calls are not for a couple weeks, and obviously the charter is still being considered... Thanks for the link to an alternative. Seems...
> If they don't need to worry about special framework footguns, the built-in Sanitizer API could fill that function. so it's a default sanitization strategy that can be turned off,...
AFAIK, the charter objections are now handled by the council, which is AB + TAG.... and they are responsible for handling disputes were the director would have weighed in previously....
@dveditz you said: > The Sanitizer API is complementary to Trusted Types. TT requires the page authors to create (or import) their own sanitizer. If they don't need to worry...
So basically, at some point Sanitizer API sorta becomes like trusted types in that it explodes when handling unsafe input wrt HTML / XSS... but but it can be extended...
Seems related to normative requirements for presentations... which really don't exist :)
PR is up here: https://github.com/w3c/vc-jwt/pull/1
This issue should be closed.
Here is a complete example of what I mean: - [hypothetical spec](https://transmute-industries.github.io/authorization-credentials/) - [working examples](https://github.com/transmute-industries/authorization-credentials/tree/master/examples)
I didn't post that hypothetical ZCAPs as VCs example to start a flame war, but to highlight weaknesses in the existing specs that are in my opinion, unnecessary and confusing...