Confirmed users
933
edits
Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions
Jump to navigation
Jump to search
Firefox/Features/Web Payments/Privacy & Security Considerations (view source)
Revision as of 21:10, 29 March 2018
, 29 March 2018Do not leak the user's address changes via preferences to merchants with open PaymentRequest dialogs having the edited address selected.
(minimum show time) |
(Do not leak the user's address changes via preferences to merchants with open PaymentRequest dialogs having the edited address selected.) |
||
| Line 2: | Line 2: | ||
* {{bug|1443735|avoid leaking the user's shipping address before payment}} (as much as possible) while still allowing shipping option calculations (both shipping methods and shipping availability) | * {{bug|1443735|avoid leaking the user's shipping address before payment}} (as much as possible) while still allowing shipping option calculations (both shipping methods and shipping availability) | ||
** Implement a minimum amount of time to show the dialog in the event of a .show followed by an immediate .abort (if we leak an address on .show) to reduce abuse. | ** Implement a minimum amount of time to show the dialog in the event of a .show followed by an immediate .abort (if we leak an address on .show) to reduce abuse. | ||
** Do not leak the user's address changes via preferences to merchants with open PaymentRequest dialogs having the edited address selected. | |||
* navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort. | * navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort. | ||
* attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | * attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | ||