CREDENTIAL: Note danger of exposing user edits to the web

mikewest · mikewest · commit 579dcbec01da · 2015-09-04T11:28:06.000+02:00
Closes #381.
diff --git a/specs/credentialmanagement/index.html b/specs/credentialmanagement/index.html
@@ -71,7 +71,7 @@
    <h1 class="p-name no-ref" id="title">Credential Management Level 1</h1>
   
    <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft,
-    <time class="dt-updated" datetime="2015-09-03">3 September 2015</time></span></h2>
+    <time class="dt-updated" datetime="2015-09-04">4 September 2015</time></span></h2>
   
    <div data-fill-with="spec-metadata">
     <dl>
@@ -3108,12 +3108,18 @@ <h3 class="heading settled" data-level="7.2" id="privacy-chooser-leakage"><span
   cache them for the lifetime of the <code class="idl"><a data-link-type="idl" href="#credential">Credential</a></code>.</p>
 
 
-    <p>Further, these images MUST be fetched with the <code>credentials</code> mode
-  set to "<code>omit</code>", the <code>skip-service-worker flag</code> set, the
+    <p>These images MUST be fetched with the <code>credentials</code> mode set to
+  "<code>omit</code>", the <code>skip-service-worker flag</code> set, the
   <code>client</code> set to <code>null</code>, the <code>initiator</code> set
   to the empty string, and the <code>destination</code> set to
   <code>subresource</code>.</p>
 
+
+    <p>Moreover, if the user agent allows the user to change either the name or icon
+  associated with the credential, the alterations to the data SHOULD NOT be
+  exposed to the website (consider a user who names two credentials for an
+  origin "My fake account" and "My real account", for instance).</p>
+
   
     <h3 class="heading settled" data-level="7.3" id="locally-stored-data"><span class="secno">7.3. </span><span class="content">Locally Stored Data</span><a class="self-link" href="#locally-stored-data"></a></h3>
 
diff --git a/specs/credentialmanagement/index.src.html b/specs/credentialmanagement/index.src.html
@@ -2051,12 +2051,17 @@ <h3 id="privacy-chooser-leakage">Chooser Leakage</h3>
   the images in the background when saving or updating a {{Credential}}, and to
   cache them for the lifetime of the {{Credential}}.
 
-  Further, these images MUST be fetched with the <code>credentials</code> mode
-  set to "<code>omit</code>", the <code>skip-service-worker flag</code> set, the
+  These images MUST be fetched with the <code>credentials</code> mode set to
+  "<code>omit</code>", the <code>skip-service-worker flag</code> set, the
   <code>client</code> set to <code>null</code>, the <code>initiator</code> set
   to the empty string, and the <code>destination</code> set to
   <code>subresource</code>.
 
+  Moreover, if the user agent allows the user to change either the name or icon
+  associated with the credential, the alterations to the data SHOULD NOT be
+  exposed to the website (consider a user who names two credentials for an
+  origin "My fake account" and "My real account", for instance).
+
   <h3 id="locally-stored-data">Locally Stored Data</h3>
 
   This API offers an <a>origin</a> the ability to store data persistently along
