vbatts/microservices-demo
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Follow OWASP best practices on CC presentation on checkout form

Browse source 
See OWASP recommendations here:
<https://www.owasp.org/index.php/Handling_E-Commerce_Payments#Displaying_portions_of_the_credit_card>

* Use `input type=password`
* Set `autocomplete="off"`
This commit is contained in:
Chris Proto 2019-04-09 11:43:23 -04:00
parent 57b316c045
commit 994b62bd30
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/frontend/templates/cart.html
View file

@ -95,7 +95,8 @@
<div class="form-row"> <div class="form-row">
<div class="col-md-6 mb-3"> <div class="col-md-6 mb-3">
<label for="credit_card_number">Credit Card Number</label> <label for="credit_card_number">Credit Card Number</label>
<input type="text" class="form-control" id="credit_card_number" <input type="password" class="form-control" id="credit_card_number"
autocomplete="off"
name="credit_card_number" name="credit_card_number"
placeholder="0000-0000-0000-0000" placeholder="0000-0000-0000-0000"
value="4432-8015-6152-0454" value="4432-8015-6152-0454"
@ -132,7 +133,8 @@
</div> </div>
<div class="col-md-2 mb-3"> <div class="col-md-2 mb-3">
<label for="credit_card_cvv">CVV</label> <label for="credit_card_cvv">CVV</label>
<input type="text" class="form-control" id="credit_card_cvv" <input type="password" class="form-control" id="credit_card_cvv"
autocomplete="off"
name="credit_card_cvv" value="672" required pattern="\d{3}"> name="credit_card_cvv" value="672" required pattern="\d{3}">
</div> </div>
</div> </div>