Skip to content

Add notes regarding label usage, provided by i18n review #841

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add notes regarding label usage, provided by i18n review #841

wants to merge 3 commits into from

Conversation

inexorabletash
Copy link
Member

@inexorabletash inexorabletash commented Apr 28, 2025
edited by pr-preview bot
Loading

A suggested by @xfq, add additional details about operator labels, clarifying that they are not intended to be natural language strings. And include an advisement that use of developer-provided labels is subject to spoofing, and implementations should sanitize them.

Resolves #837

Preview | Diff

@inexorabletash
Add notes regarding label usage, provided by i18n review
be8515b 
A suggested by @xfq, add additional details about operator labels,
clarifying that they are not intended to be natural language strings.
And include an advisement that use of developer-provided labels is
subject to spoofing, and implementations should sanitize them.
@inexorabletash inexorabletash mentioned this pull request Apr 28, 2025
Open
@inexorabletash inexorabletash requested review from xfq and anssiko April 28, 2025 18:42
@inexorabletash
Copy link
Member Author

@xfq can you take a peek at the additions? I quoted your excellent suggested text directly.

anssiko
anssiko requested changes May 5, 2025
View reviewed changes
Copy link
Member

@anssiko anssiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The text in itself looks great to me. A suggestion on where to place this text:

Folks reading the Programming Model section may feel this section is too label heavy, so I suggest we place this text in https://www.w3.org/TR/webnn/#dom-mloperatoroptions-label instead.

Similarly, I'd propose to migrate the existing label related note to the same section.

(Per https://www.w3.org/TR/international-specs/#I18N_Considerations another option would be a dedicated Internationalization Considerations section but it seems inline in the body of the specification is preferred.)

@anssiko anssiko mentioned this pull request May 5, 2025
Open
25 tasks
@inexorabletash
Copy link
Member Author

I suggest we place this text in https://www.w3.org/TR/webnn/#dom-mloperatoroptions-label instead.

Done in a3f8ab2

xfq
xfq reviewed May 6, 2025
View reviewed changes
index.bs

Note: Implementations are encouraged to use the {{MLOperatorOptions/label}} provided by developers to enhance error messages and improve debuggability, including both synchronous errors during graph construction and for errors that occur during the asynchronous {{MLGraphBuilder/build()}} method.

Advisement: When displaying labels provided by developers via {{MLOperatorOptions/label}} in debugging tools, logs, or error messages, implementations should sanitize the output to prevent security risks, such as injection of malicious Unicode sequences (e.g., bidirectional control characters as described in Unicode Technical Report #36, Trojan Source attacks). For example, implementations should escape or filter control characters (e.g., U+202A to U+202E, U+2066 to U+2069) or use a safe rendering mechanism to neutralize potential spoofing.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A link to the relevant section of UTR#36 would be useful: https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And maybe https://www.unicode.org/reports/tr55/

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@xfq xfq xfq left review comments

@anssiko anssiko anssiko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

String metadata and localization for operator labels
3 participants
@inexorabletash @anssiko @xfq