W3C home > Mailing lists > Public > public-payments-wg@w3.org > February 2016

Re: [webpayments] How do we prevent keyboard hooking during payment? (#90)

From: oldoldb <notifications@github.com>
Date: Mon, 15 Feb 2016 17:16:45 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/90/184464133@github.com>
I see... I just wonder if our proposal can contain some mechanism related with secure input. For example, in the proposal, could we suggest Payment Mediator ( the browser) provide an element such as "secure input' (something like <input type="password" secure /> ), which can ensure that malicious processes can't hook the input.
And another question is, how does our proposal ensure that malicious scripts/attacks can't get what user types in password box?  I mean if malicious scripts is injected into current page, then what if hackers use input.value to get the password?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/90#issuecomment-184464133
Received on Tuesday, 16 February 2016 01:17:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:14 UTC