Ptheriault (talk | contribs) (→User Interaction: adding more UX threats) |
Ptheriault (talk | contribs) |
Line 80: | Line 80: | ||
Navigations away from a page showing a Payment Request dialog either should be prevented or the dialog should abort. | Navigations away from a page showing a Payment Request dialog either should be prevented or the dialog should abort. | ||
We should prevent attacks where the user is tricked into interacting with the Payment Request dialog (e.g., clickjacking), | We should prevent attacks where the user is tricked into interacting with the Payment Request dialog (e.g., clickjacking), by requiring CVV confirmation before the pay button is enabled. | ||
An abusive website could repeatedly invoke the payment request dialog and thus hold the user hostage until they pay. To prevent this, the proposed design will allow the user to close the whole tab while the Payment Request dialog is open. | An abusive website could repeatedly invoke the payment request dialog and thus hold the user hostage until they pay. To prevent this, the proposed design will allow the user to close the whole tab while the Payment Request dialog is open. |
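Review bot: In the clickjacking sentence, the added clause "by requiring CVV confirmation before the pay button is enabled" is attached after the comma left over from the old text; drop the comma after "(e.g., clickjacking)" so the sentence reads cleanly. The clause also does not say whether CVV confirmation is required on every invocation of the Payment Request dialog, which matters given the repeated-invocation case described in the following sentence; suggest stating that explicitly.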