- From: Jun <notifications@github.com>
- Date: Sun, 06 May 2018 10:56:06 +0000 (UTC)
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Sunday, 6 May 2018 10:56:32 UTC
Credit card information is saved in a browser and it isn’t tied to any origin. So if user trusts “dropbox.com/enterprise”, that’s a good way to monetize an XSS inside sandbox. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/698#issuecomment-386870782
Received on Sunday, 6 May 2018 10:56:32 UTC