-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
We should add a character limit to name
and short_name
#1070
Comments
As noted, implementations use different strategies to deal with excessive length of these members. So, instead of imposing a limit, we could document that implementations need to find strategies to deal with excessive string lengths (or if there are spoofing opportunities, we should suggest mitigations). Similarly, we could suggest developers limit the length of these strings to something reasonable. |
I agree with @marcoscaceres . This feels very much in the domain of UX, not something where the spec should impose arbitrary limits. If you were to apply the lowest common denominator here, Android's app list truncates names to somewhere between 8 and 12 characters (depending on the font and the width of the individual glyphs). In other contexts, limiting the name to just 8 characters would look quite silly next to other less-truncated names. The spoofing issue here is that a name would be shown longer in the install / update prompt, than it is in the app list, so two apps that have distinct names at install time have the same name when truncated. The solution to this is that the UI at install time should use the same truncation as the system's app list (if possible), so that the user sees the same thing in both places. That doesn't require spec support. Similarly, if we're talking about a denial-of-service where an app has a multi-megabyte name or something, the user agent can fix that by truncating it to, say, ~1K, which is longer than any UI will display. You don't need the spec to tell you to do that: you are free to ignore any part of any field you like. |
+1 to what @marcoscaceres & @mgiuca. I think authoring guidelines are the extent of what we should do. I think we have similar language in the |
Great, I like this. Thanks for the discussion. I'll plan on authoring guidelines here so at least developers are aware that these strings may be truncated. |
You may wish to refer to this section of Best Practices for International Specs for more info on length limitations. |
This directly impacts designing UX around displaying app names, and also can cause possible spoofing issues. The standard for extensions is 12 characters for
short_name
, and 45 characters forname
.Apple limits names to 30 chars, play store is 50.
The text was updated successfully, but these errors were encountered: