Firefox/Features/Web Payments/Privacy & Security Considerations: Difference between revisions

Revision as of 00:54, 10 November 2017

Some things to keep in mind while working on Payment Request relating to privacy/security:

navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort.
attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking)
- The pay button should probably have a security delay
security state of the page e.g. HTTPS vs. HTTP, invalid certificate, etc.
- Only allowed on secure contexts. Should we disable for cert overrides? What about for developers?
- Most relevant for payment information
Private browsing mode
- default to not saving new addresses
- don't update storage metadata
Integrate with Clear Recent History / Sanitizer?
- N/A for basic-card
Don't save the CVV anywhere (including form history)
Master password: Require entry before every use of the plaintext card number
Spoofing issues from showing page generated strings in a privileged dialog
- e.g. we should constrain the amount of space that the untrusted strings can take on the screen and handle special characters e.g. whitespace and new lines carefully

@@ Line 1: / Line 1: @@
 Some things to keep in mind while working on Payment Request relating to privacy/security:
+* navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort.
 * attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking)
+** The pay button should probably have a security delay
 * security state of the page e.g. HTTPS vs. HTTP, invalid certificate, etc.
 ** Only allowed on secure contexts. Should we disable for cert overrides? What about for developers?