nrh-cklimas | Stripe Developers | Page 1

hollow brambleBOT May 23, 2023, 7:33 PM

#

grave gorge May 23, 2023, 7:33 PM

#

Do you have specific concerns?

fallen wasp May 23, 2023, 7:35 PM

#

our use case is we allow our users to customize the page that a Payment Element appears on in a limited way. It should just be cosmetic stuff like fonts and colors but we want to lock it down as much as possible. wondering for example if...

we should put the Payment Element on a dedicated page that our users have no customization ability around
we should isolate it from the rest of the page in some other way

#

We're not concerned about Stripe itself being insecure, we just want to isolate it from other content to the degree that's feasible, if that makes sense.

hollow brambleBOT May 23, 2023, 7:45 PM

#

sharp coral May 23, 2023, 7:58 PM

#

The PaymentElement is rendered inside an iframe, so it is typically running in an isolated environment

fallen wasp May 23, 2023, 8:00 PM

#

d'oh! I missed the iframe in the element inspector.

#

that answers my question, thanks

#nrh-cklimas