Avoid submitting credit card and other form fields to your server when using payment integration like Stripe JS #32

Open
eliotsykes opened this issue May 30, 2017 · 0 comments


eliotsykes commented May 30, 2017

When using a payment integration like Stripe JS for taking credit card details, ensure that any HTML forms that contain the credit card number fields do not submit those fields to your server (they should only be submitted to Stripe via JS on the client). This can be done by not giving the <input> fields a name attribute.

```html
<!-- Bad, this will submit the card number to your server -->
<input type="text" data-stripe="number" name="card_number">

<!-- OK, depending on your JS, this is less likely to submit
  the card number to your server, still manually check as described below -->
<input type="text" data-stripe="number">
```

View the generated HTML source to check, then try submitting the form with data and check your server logs to ensure that the credit card data is not sent to your server.
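One way to automate the "view the generated HTML source" check, as an added example that is not part of the original issue: a JavaScript function that scans rendered HTML for form controls carrying both a `data-stripe` attribute and a non-empty `name`, which are the ones a browser would include in a normal form submission. The function names and the sample markup are constructed for illustration, and the scanner is regex-based rather than a full HTML parser.

```javascript
// Added example: flags Stripe.js card fields that a browser would submit
// to your own server. Assumption: card fields are marked with a data-stripe
// attribute, as in the snippet above. Regex tag scanner, not a full HTML parser.
const TAG_RE = /<(input|select|textarea)\b((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

function parseAttributes(attrText) {
  const attrs = new Map();
  for (const m of attrText.matchAll(ATTR_RE)) {
    const key = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    if (!attrs.has(key)) attrs.set(key, value); // first occurrence wins, as in browsers
  }
  return attrs;
}

function findSubmittableStripeFields(html) {
  const findings = [];
  // Drop HTML comments so commented-out markup is not reported.
  const withoutComments = html.replace(/<!--[\s\S]*?-->/g, '');
  for (const m of withoutComments.matchAll(TAG_RE)) {
    const attrs = parseAttributes(m[2]);
    if (!attrs.has('data-stripe')) continue;
    const name = attrs.get('name');
    // Browsers only submit controls that have a non-empty name attribute.
    if (name) {
      findings.push({ tag: m[1].toLowerCase(), stripeField: attrs.get('data-stripe'), name });
    }
  }
  return findings;
}

// Constructed sample markup (not taken from any real application).
const sampleHtml = `
<form action="/charges" method="post">
  <!-- <input type="text" data-stripe="number" name="old_card_number"> -->
  <input type="text" data-stripe="number" name="card_number">
  <input type="text" data-stripe="cvc">
  <input type="text" data-stripe="exp_month" name="">
  <input type='text' name='exp_year' data-stripe='exp_year' />
  <input type="hidden" name="plan_id" value="basic">
</form>`;

for (const f of findSubmittableStripeFields(sampleHtml)) {
  console.log(`<${f.tag}> data-stripe="${f.stripeField}" is submitted as "${f.name}"`);
}
```

A static scan like this does not cover `name` attributes added by JavaScript at runtime, so the manual submit-and-check-logs step still applies.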
