- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 16 Aug 2016 07:02:21 +0200
- To: Craig Francis <craig@craigfrancis.co.uk>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On 2016-08-16 01:11, Craig Francis wrote: > Personally I think "assuming the correct iframe has been opened" is the problem, > and because most websites are doing things like running out of date versions of WordPress, > they need to have at least a basic check that things "seem to be ok". Apple have addressed the client-side of payment-security both with respect to the merchant and the user in a pretty elegant way: https://developer.apple.com/videos/play/wwdc2016/703/ Other payment providers will not be able to provide such solutions in foreseeable time. Fixing IFRAMEs is unlikely to be the answer. Anders
Received on Tuesday, 16 August 2016 05:02:55 UTC