Re: [w3c/payment-request] To address branded button issues and improve privacy, add browser support for payment method selection before the sheet (#777) from ianbjacobs on 2018-10-16 (public-webpayments-specs@w3.org from October 2018)

From: ianbjacobs <notifications@github.com>
Date: Tue, 16 Oct 2018 10:21:24 -0700
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/777/430323183@github.com>

@adrianhopebailie wrote:

"Could someone explain what these security reasons are?"

I have heard that if the merchant can choose an arbitrary image, they could, for example, show a BobPay image but actually code the payment method as evalpay.com via PR API. Therefore, we want to let the browser get the image from the domain of the payment method.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/777#issuecomment-430323183

Received on Tuesday, 16 October 2018 17:21:45 UTC