- From: Boris Zbarsky <notifications@github.com>
- Date: Fri, 02 Dec 2016 06:23:08 -0800
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Received on Friday, 2 December 2016 14:23:41 UTC
The point is, it allows B to embed an A iframe and try to manipulate it in various ways (postMessage, URL structure, etc) to try to get it to trigger a payment request. If the inner iframe is written defensively enough this may be ok, but if it's not, you end up with a problem. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/332#issuecomment-264464630
Received on Friday, 2 December 2016 14:23:41 UTC