I have this question: is it safe to use an iframe to load the page where the customer will make the payment, for example PayPal or DineroMail, or the page that does the credit card payment? My boss wants the customer to feel that they never leave the site, so on my site I added an iframe (and inside it I load the URL of the payment page), but I don't know whether this is correct and safe or not.
Thanks.
The iFrame contains a malicious form that can lead the user to submit sensitive information. This threat can be solved by using the sandbox attribute without allow-forms. The iFrame may unintentionally download malware to the user's computer.
To put it simply, an iframe allows an e-commerce website to embed a payment page from a third party payment service provider (PSP), so that the payment information is collected within the PSP's environment.
An iFrame represents a nested browsing context inside an existing HTML document. It's the number one way to host third-party content safely. The content inside an iFrame can't access the content of its host and vice-versa. This creates a wall between the host website and the third party.
In the e-commerce space, iFrames have become a popular option for merchants to maintain PCI DSS compliance and keep the checkout process accessible from inside their webpage.
From a technical security point of view (Same Origin Policy), it is exactly as safe to open an iframe as it is to open a new tab.
From a UI point of view, opening an iframe in certain locations can deceive the user, and you might be accused of trying to clickjack the user into making an inadvertent payment if you are not careful.
I cannot say anything about PayPal's own policy, but you should make sure they are okay with it.
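Whether the payment provider is "okay with it" has a technical side too: its page must permit framing by the merchant origin, which browsers decide from the X-Frame-Options and Content-Security-Policy frame-ancestors headers. The following is an added example, not code from any answer above or from PayPal; it models that browser decision (frame-ancestors, when present, takes precedence over X-Frame-Options) so a merchant can check a PSP's response headers before going live. The origins and headers used are constructed placeholders.

```javascript
// Added example: decide whether a payment page's response headers permit it to be
// framed by a given merchant origin. Mirrors browser behaviour: a CSP frame-ancestors
// directive overrides X-Frame-Options; with neither header, any site may frame the page.

function originMatches(source, embedderOrigin, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return embedderOrigin === pageOrigin;
  if (src === "*") return true;
  const o = new URL(embedderOrigin);
  // Scheme-only source, e.g. "https:" (any host over that scheme)
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return o.protocol === src;
  // Host source, optional scheme, wildcard subdomain and port: https://*.shop.example:443
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && `${scheme}:` !== o.protocol) return false;
  const hostOk = wildcard ? o.hostname.endsWith("." + host) : o.hostname === host;
  if (!hostOk) return false;
  const effectivePort = o.port || (o.protocol === "https:" ? "443" : "80");
  if (port && port !== "*" && port !== effectivePort) return false;
  return true;
}

// headers: object of response header name -> value (case-insensitive names)
function canBeFramed(headers, embedderOrigin, pageOrigin) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const csp = h["content-security-policy"];
  if (csp) {
    const directive = csp.split(";").map(s => s.trim()).find(d => d.startsWith("frame-ancestors"));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      return sources.some(s => originMatches(s, embedderOrigin, pageOrigin));
    }
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === pageOrigin;
  return true; // no framing restriction declared by the page
}

// Constructed sample: a PSP page that allows only itself and the merchant's subdomains
const sampleHeaders = { "Content-Security-Policy": "frame-ancestors 'self' https://*.merchant.example" };
console.log(canBeFramed(sampleHeaders, "https://shop.merchant.example", "https://pay.psp.example"));
```

A `false` result means the browser will refuse to render the payment page inside the merchant's iframe, and the checkout must open in a new tab or window instead.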