Follow OWASP best practices on CC presentation on checkout form (#207)

* Follow OWASP best practices on CC presentation on checkout form See OWASP recommendations here: <https://www.owasp.org/index.php/Handling_E-Commerce_Payments#Displaying_portions_of_the_credit_card> * Use `input type=password` * Set `autocomplete="off"` * Change credit_card_number input type back to "text"
2019-04-30 12:46:50 -04:00 · 2019-04-30 12:46:50 -04:00 · f276995585
commit f276995585
parent f2f382f6bb
1 changed files with 2 additions and 1 deletions
--- a/src/frontend/templates/cart.html
+++ b/src/frontend/templates/cart.html
@ -132,7 +132,8 @@
                                        </div>
                                    <div class="col-md-2 mb-3">
                                        <label for="credit_card_cvv">CVV</label>
-                                        <input type="text" class="form-control" id="credit_card_cvv"
+                                        <input type="password" class="form-control" id="credit_card_cvv"
+                                            autocomplete="off"
                                            name="credit_card_cvv" value="672" required pattern="\d{3}">
                                    </div>
                                </div>