Closed
Bug 287092
Opened 19 years ago
Closed 19 years ago
Detect insecure fill-in/submission of CC numbers
Categories
(Core :: DOM: Core & HTML, enhancement)
RESOLVED
WONTFIX
People
(Reporter: gerv, Unassigned)
We should warn the user, either using a yellow info bar or a local popup, when they type a number into an insecure form which passes a CC number validity check (see URL and other resources on the web).

Rationale: this is another bit of anti-phishing bar-raising, and user protection.

If we check submitted values, it's possible that a page author may use JavaScript to scramble the values before submission. So we may want to run the checking code onblur, and warn the user at that point.

Some sites use four separate boxes for the CC number; I'm not sure what we can do about that. Still, if the original site used a single box and the phishing site used four, that's another potential bit of difference a user might notice.

Gerv
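The check proposed in the description above, sketched as an added example that is not part of the original report and is not Gecko code. It assumes the "CC number validity check" is the Luhn checksum, and all function names and sample values are hypothetical; the logic is kept free of DOM calls so it runs outside a browser.

```javascript
// Luhn checksum over a string of ASCII digits
// (assumed to be the validity check the report refers to).
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {          // double every second digit from the right
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if the value is 13-19 digits (spaces and dashes ignored) with a valid checksum.
function looksLikeCardNumber(value) {
  const digits = value.replace(/[\s-]/g, "");
  return /^\d{13,19}$/.test(digits) && passesLuhn(digits);
}

// A form counts as insecure if the page or its submit target is not https.
function isInsecureForm(pageUrl, actionUrl) {
  const target = new URL(actionUrl || pageUrl, pageUrl);
  return new URL(pageUrl).protocol !== "https:" || target.protocol !== "https:";
}

// Decide whether to warn when a field loses focus. `fields` is the ordered
// list of text values in the form and `index` is the field that just blurred.
// Runs of adjacent short all-digit fields are joined to cover the four-box layout.
function shouldWarnOnBlur(pageUrl, actionUrl, fields, index) {
  if (!isInsecureForm(pageUrl, actionUrl)) return false;
  if (looksLikeCardNumber(fields[index])) return true;
  const isChunk = (v) => /^\d{1,6}$/.test(v);
  if (!isChunk(fields[index])) return false;
  let start = index, end = index;
  while (start > 0 && isChunk(fields[start - 1])) start--;
  while (end < fields.length - 1 && isChunk(fields[end + 1])) end++;
  return looksLikeCardNumber(fields.slice(start, end + 1).join(""));
}
```

An adjacent all-digit field such as a security-code box would be joined into the same run and make the checksum fail, so the multi-box case remains a heuristic.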
Comment 1•19 years ago
Is this something you want as part of _Gecko_, or as part of the app? The app can already register as a form submit observer if it wishes.... And certainly Gecko is not going to be running random onblur handlers on everything in sight.
Comment 2•19 years ago (Reporter)
Actually, even typing your numbers into a dodgy site could be enough to have them captured. You don't need a form submission. The site could send each character to the server as it's typed using XMLHttpRequest. There's not much we can do about this.

IMO, a better approach is for the browser to have a heuristic-based phishing detector, and if it's suspicious of a site, disable all form controls until the user has followed the procedure to dismiss the yellow bar and enable them. There are other bugs about this topic.

Gerv
Comment 3•19 years ago
OK. So should I just go ahead and wontfix this bug then? Doesn't sound like we plan to add anything like this to Gecko...
Comment 4•19 years ago (Reporter)
Yeah. This is the wrong approach.

Gerv
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Updated•5 years ago
Component: HTML: Form Submission → DOM: Core & HTML