Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What happens with Braintree.js if Javascript is turned off?

At one point I had looked at Braintree as a possible payment vendor and checked out their API. At the time, they had the "Transparent Redirect" option which solved a lot of PCI compliance issues without having the user see the payment vendor's website. This option posted the credit card data to Braintree's servers and sent back a 302 redirect with a token.

Now it looks like they're pushing the Braintree.js option, which encrypts the credit card data in the browser before posting it to the seller's website. My question is this:

What happens when Javacript is turned off in the user's browser?

I realize that since the input tags don't have a name attribute they won't be posted, so that's not a security risk as far as plaintext card numbers go. But does the transaction just bomb out? Is there really no fallback for customer's that don't have JS working for whatever reason?

Edit: Just to be clear, I'm fully aware of how Javascript works on the browser, etc. This question is more specific to what happens with the Braintree API itself and the options available within it.

like image 495
Shea Daniels Avatar asked Aug 29 '13 15:08

Shea Daniels


1 Answers

Any JavaScript on the page will do absolutely nothing if JavaScript isn't enabled.

One option is to have your page set up as if JavaScript doesn't exist. Then, have the JavaScript remove the old school stuff from the page, and load the JavaScript version.

The obvious downside is that you're slowing everything down slightly for the vast majority of users, to aid a small group of people. If you need to do that in your business, okay.

In my personal opinion, because no browsers disable JavaScript by default, those users are opting out from a large number of services and experiences on the web. Even screenreaders have JavaScript enabled 98.5% of the time (2011 and 2013 studies/surveys).

like image 172
Brigand Avatar answered Oct 04 '22 12:10

Brigand