Arvind hariharan | Stripe Developers | Page 1

buoyant pierBOT May 9, 2023, 7:03 AM

#

flint sequoia May 9, 2023, 7:03 AM

#

Hi there, how can I help?

tawdry forge May 9, 2023, 7:04 AM

#

Hi jack. Wanted to understand how stripe handles Cross site scripting attacks vulnerabilities since Elements host all form inputs containing card data within an iframe served from Stripe’s domain.

#

Do we need to do anything from our end to prevent it?

flint sequoia May 9, 2023, 7:07 AM

#

Are you asking how to prevent attacks to your website or to Stripe?

tawdry forge May 9, 2023, 7:09 AM

#

since Apple Pay or google pay pop ups opens through an i Frame which is hosted by stripe elements. How is stripe preventing the cross site scripting attacks for those?

#

yeah i am asking how to prevent attacks to stripe's iframe

#

if it is handled by stripe then how is that handled?

flint sequoia May 9, 2023, 7:12 AM

#

1/ Apple Pay / Google Pay payment sheet is not an iframe.
2/ These payment sheets are provided by Apple/Google, not Stripe.

tawdry forge May 9, 2023, 7:15 AM

#

okay so all these security related vulnerabilities is handled by Apple or google right. Nothing to be taken care from our end correct?

flint sequoia May 9, 2023, 7:17 AM

#

Yes. If you want to know more, I'd suggest you reaching out to Apple and Google directly.

#Arvind hariharan