(add bug 1269050) |
(add address privacy leak) |
||
| Line 1: | Line 1: | ||
Some things to keep in mind while working on Payment Request relating to privacy/security: | Some things to keep in mind while working on Payment Request relating to privacy/security: | ||
* {{bug|1443735|avoid leaking the user's shipping address before payment}} (as much as possible) while still allowing shipping option calculations (both shipping methods and shipping availability) | |||
* navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort. | * navigations away from a page showing a Payment Request dialog should either be prevented or the dialog should abort. | ||
* attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | * attacks where the user is tricked into interacting with the Payment Request dialog (e.g. clickjacking) | ||
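Review bot: the added first bullet qualifies its requirement with "(as much as possible)", which leaves nothing concrete to check an implementation against. Say which parts of the shipping address the page may receive before payment so that shipping methods and shipping availability can still be calculated, and which parts must be withheld until the user approves the payment, or state that the linked bug defines that boundary.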
| Line 9: | Line 10: | ||
** default to not saving new addresses | ** default to not saving new addresses | ||
** don't update storage metadata | ** don't update storage metadata | ||
** don't leak the user's shipping address without clear understanding | |||
** don't remember the last used address for the site | |||
* Integrate with Clear Recent History / Sanitizer? | * Integrate with Clear Recent History / Sanitizer? | ||
** N/A for basic-card | ** N/A for basic-card | ||
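Review bot: in the two added sub-items, "don't leak the user's shipping address without clear understanding" does not say whose understanding is meant or how it is obtained, and it overlaps with the top-level shipping address bullet added in the same edit. The parent item is outside the visible context, so the scope of these sub-items cannot be confirmed from this hunk. Reword it along the lines of "without the user's clear understanding" and note what is different in this mode compared with the general rule, or replace it with a pointer to the top-level bullet so that the two do not drift apart.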