EIP-29 Attachment #58
eip-0029.md
Outdated
|
||
`Pair([0x50, 0x52, 0x50], Coll[Byte])` | ||
|
||
This is a pair of a constant Coll[Byte] used to identify this register as a purpose message |
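Review bot: the added line `Pair([0x50, 0x52, 0x50], Coll[Byte])` mixes a literal value (the three marker bytes) with a type (`Coll[Byte]`) in one expression, and the description line after it only covers the constant. Suggest giving the type once as a pair of two Coll[Byte] values, then stating that the first must equal 0x50 0x52 0x50 and what the second carries, including its text encoding and any length limit, so that consumers of the register know how to decode and bound it.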
How about "any" register as a purpose message? Any reason we can't allow people to put a memo running through all additional registers?
eip-0029.md
Outdated
|
||
| Purpose message | Register hex representation | | ||
| ----------------------- |:------------------------------------------------------------------:| | ||
| "Your loan January" | 3c0e0e0350525011596f7572206c6f616e204a616e75617279 | |
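Review bot: the example table has a single ASCII-only row, and its hex value is given without a breakdown. In the visible value, 03 precedes the marker bytes 505250 and 11 precedes the 17 message bytes, but the leading 3c0e0e and the length encoding are not explained. Suggest adding a byte-by-byte breakdown of this row and a second row with a non-ASCII message, so implementers can check their encoder against both.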
For sanitization, would it maybe be good to demand the data format encoded be something with known injection protection? Just thinking JSON parsers are known to safely parse JSON, XML parsers as well may, ProtoBuf as well etc.
When a receiving application tries to render the message, if it is a plain string and they don't purposefully sanitize it before rendering, it could present an injection attack vector on that application. If they are forced to use a known safe parser by making the message a specific format, it may create a safety net for applications consuming this field.
There should be no injection possible with plain strings as long as they are not handled as something different. Using json serialization to handle a single string is just adding complexity as long as the serialized message is nothing different than a single string.
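The rendering question raised in the two comments above, as an added example that is not part of this PR or of the EIP: it decodes the register hex from the diff and handles the message strictly as text, escaping it only at the HTML output boundary. The `3c0e0e` type prefix, VLQ-encoded lengths, UTF-8 payload and all function names are assumptions read off the page's single example, and the second hex value is constructed.

```javascript
// Added example (Node.js). Assumptions: 3c0e0e is the type prefix, lengths are VLQ, text is UTF-8.
const TYPE_PREFIX = [0x3c, 0x0e, 0x0e];   // leading bytes of the page's example hex
const MARKER = [0x50, 0x52, 0x50];        // constant from the diff
const PAGE_HEX = "3c0e0e0350525011596f7572206c6f616e204a616e75617279";
const CONSTRUCTED_MARKUP_HEX = "3c0e0e03505250093c623e68693c2f623e"; // constructed: "<b>hi</b>"

function readVlq(bytes, pos) {
  let value = 0;
  for (let shift = 0; shift <= 21; shift += 7) {   // at most 4 length bytes
    if (pos >= bytes.length) break;
    const b = bytes[pos++];
    value |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [value, pos];
  }
  throw new Error("bad length field");
}

function readColl(bytes, pos) {
  const [len, start] = readVlq(bytes, pos);
  if (start + len > bytes.length) throw new Error("truncated collection");
  return [bytes.subarray(start, start + len), start + len];
}

// Returns the message string, null if the register is not a purpose message,
// and throws on malformed input (bad hex, truncation, trailing bytes, invalid UTF-8).
function decodePurposeMessage(hex) {
  if (!/^(?:[0-9a-f]{2})+$/i.test(hex)) throw new Error("not hex");
  const bytes = Uint8Array.from(Buffer.from(hex, "hex"));
  if (!TYPE_PREFIX.every((b, i) => bytes[i] === b)) return null;
  const [marker, pos] = readColl(bytes, TYPE_PREFIX.length);
  if (marker.length !== MARKER.length || !MARKER.every((b, i) => marker[i] === b)) return null;
  const [payload, end] = readColl(bytes, pos);
  if (end !== bytes.length) throw new Error("trailing bytes");
  return new TextDecoder("utf-8", { fatal: true }).decode(payload);
}

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// The message stays an opaque string until this point; escaping happens once, at output.
function renderMemo(hex) {
  const msg = decodePurposeMessage(hex);
  if (msg === null) return "";
  const printable = msg.replace(/[\u0000-\u001f\u007f-\u009f]/g, ""); // drop control chars
  return `<span class="memo">${escapeHtml(printable)}</span>`;
}
```
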
Generalisation of idea of Purpose message
No description provided.