Ptheriault (talk | contribs)
Ptheriault (talk | contribs) (→User Interaction: restructure UX threats)
== User Interaction ==
The user must provide explicit consent before access to card data is granted.
* The UX design should include an explicit confirmation step from the user (such as CVV confirmation before the pay button is enabled).
* We should prevent attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking and other UI redress attacks).
It must be clear to the user which page initiated the payment.
* Navigation away from a page showing a Payment Request dialog should either be prevented or should abort the dialog.
* If we plan to show origin information in the Payment dialog (as per the current UX spec, but not yet implemented), this needs to avoid all URL spoofing/truncation attacks.
Web pages must not be able to interfere with the Payment Request dialog.
* Prevent overlaying content on top of the dialog, or forcing part of the dialog off screen.
* Ensure that any string originating from content is sanitized for display.
Prevent web pages from coercing the user into payment.
* An abusive website could repeatedly invoke the payment request dialog and thus hold the user hostage until they pay. To prevent this, the proposed design will allow the user to close the whole tab while the Payment Request dialog is open.
== Process Separation and Sandboxing ==