Re: [webpayments] How do we prevent keyboard hooking during payment? (#90)

I see... I just wonder if our proposal can contain some mechanism related with secure input. For example, in the proposal, could we suggest Payment Mediator ( the browser) provide an element such as "secure input' (something like <input type="password" secure /> ), which can ensure that malicious processes can't hook the input.
And another question is, how does our proposal ensure that malicious scripts/attacks can't get what user types in password box?  I mean if malicious scripts is injected into current page, then what if hackers use input.value to get the password?

Reply to this email directly or view it on GitHub:

Received on Tuesday, 16 February 2016 01:17:19 UTC