• rentar42@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I thought about that, but I think it’s actually more error prone, because people might just be setting ?amount=32 and leaving out currency which might lead to unexpected behaviour. Implementors tend to interpret this differently and one app might take the default currency and the other might fail to accept it, and that kind of different behaviour is a common source of security issues. Having a single unified parameter that must always contain the value and currency “solves” that issue.

        • LufyCZ@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Makes it a bit more annoying to parse, though I definitely see your point.

          However, you’re still proposing a standard: “has to include both the currency and the amount in the parameter”, so why not split them up at that point?

    • sergih@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Idont’t think that’s a good idea, too many peoplr quickly pressing pay and then they tealizef only afyer paying thay there’s an extra 0

      • rentar42@kbin.social
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        There’s still plenty of steps that your bank app can (and will) take to verify this is as intended. Requiring the user to “parse” the URI is not scalable anyway, the app needs to present the information clearly (i.e. “Do you really want to transfer 123.45€ to IBAN abcd, you have not transferred money to this IBAN before, the IBAN indicates a bank in <country>” where the money amount is clearly highlighted).

        • sergih@feddit.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I agree, still having to input the money manually is the best failsafe, how many people are used to just automatically hitting whatever button to make a message go away for example (even more with the cookies), best failsafe is inputting the money manually, you’d never mistakenly/automatically do that.