Description
https://www.w3.org/TR/webauthn-3/#clientdatajson-serialization ends up calling ECMAScript operations on WebIDL and/or Infra values.
For example:
- Append CCDToString(type) to result.
Here type is a WebIDL value, of type DOMString. If we look at CCDToString it does:
- Invoke ToString on the given object to convert to a string.
Invoking ToString on a DOMString is not defined; it expects an ECMAScript value. This should probably use the Infra algorithm to serialize an Infra value to JSON bytes.
Another example is step 14.1:
- Invoke serialize JSON to bytes on the temporary copy to produce a byte string remainder.
The temporary copy is created in step 12:
- Create a temporary copy of the CollectedClientData and remove the fields type, challenge, origin, crossOrigin (if present), and topOrigin (if present).
Nothing really defines how that should work, I think; it would be clearer if it used Infra operations like https://infra.spec.whatwg.org/#map-clone and https://infra.spec.whatwg.org/#map-remove on the WebIDL dictionary (which is an ordered map). It can then again use the Infra algorithms to convert the map (as opposed to a JavaScript value) to JSON.
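The map-based formulation suggested above, as an added sketch that is not part of the original issue or of the specification text: the fixed prefix is built from string values, and the remainder comes from a cloned ordered map with the fixed fields removed. Assumptions: a JavaScript `Map` stands in for the Infra ordered map, the function names `ccdToString` and `serializeClientData` are hypothetical, and the escaping rule follows my reading of the linked CCDToString steps.

```javascript
// Added example, not spec text. A JS Map models the WebIDL dictionary
// (an Infra ordered map); all names here are hypothetical.
const utf8 = new TextEncoder();

// CCDToString applied to a string value: quote it, escape '"' and '\',
// and emit \uXXXX (lowercase hex) for code points below U+0020.
function ccdToString(str) {
  let out = '"';
  for (const ch of str) {                    // iterates by code point
    const cp = ch.codePointAt(0);
    if (cp === 0x22) out += '\\"';
    else if (cp === 0x5c) out += '\\\\';
    else if (cp < 0x20) out += '\\u' + cp.toString(16).padStart(4, '0');
    else out += ch;
  }
  return out + '"';
}

const FIXED = ['type', 'challenge', 'origin', 'crossOrigin', 'topOrigin'];

function serializeClientData(ccd) {
  // Fixed-order prefix, so a verifier can rely on the field layout.
  let s = '{"type":' + ccdToString(ccd.get('type'));
  s += ',"challenge":' + ccdToString(ccd.get('challenge'));
  s += ',"origin":' + ccdToString(ccd.get('origin'));
  s += ',"crossOrigin":' + (ccd.get('crossOrigin') === true ? 'true' : 'false');
  if (ccd.has('topOrigin')) {
    s += ',"topOrigin":' + ccdToString(ccd.get('topOrigin'));
  }
  // "Temporary copy": clone the map, then remove the fixed fields.
  // The caller's map is never mutated.
  const rest = new Map(ccd);
  for (const key of FIXED) rest.delete(key);
  if (rest.size === 0) return utf8.encode(s + '}');
  // Serialize the remaining entries to JSON, drop the leading '{',
  // and splice the rest after a comma.
  const remainder = JSON.stringify(Object.fromEntries(rest));
  return utf8.encode(s + ',' + remainder.slice(1));
}
```
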