Follow OWASP best practices on CC presentation on checkout form (#207)

* Follow OWASP best practices on CC presentation on checkout form

See OWASP recommendations here:
<https://www.owasp.org/index.php/Handling_E-Commerce_Payments#Displaying_portions_of_the_credit_card>

* Use `input type=password`
* Set `autocomplete="off"`

* Change credit_card_number input type back to "text"
Chris Proto 2019-04-30 12:46:50 -04:00 committed by Ahmet Alp Balkan
parent f2f382f6bb
commit f276995585

@ -132,7 +132,8 @@
</div>
<div class="col-md-2 mb-3">
<label for="credit_card_cvv">CVV</label>
<input type="text" class="form-control" id="credit_card_cvv"
<input type="password" class="form-control" id="credit_card_cvv"
autocomplete="off"
name="credit_card_cvv" value="672" required pattern="\d{3}">
</div>
</div>
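
Review bot: On the `credit_card_cvv` input, `value="672"` is still hard-coded, so `type="password"` only masks the digits on screen while the value stays readable in the page source and the DOM. If the prefill is intentional demo data, note that in a template comment; otherwise drop the `value` attribute so the field starts empty. Browsers may also treat a `type="password"` field as a credential and offer to save it despite `autocomplete="off"`, so the checkout form should be checked with a password manager enabled. The unchanged `pattern="\d{3}"` rejects 4-digit security codes; consider `\d{3,4}` if those cards should be accepted.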