Y
Hacker News
new
|
ask
|
show
|
jobs
by
homakov
4469 days ago
No, since there's no way to check iframe's domain I don't think it can be fixed
for iframes
.
They should stop asking for user's password right there, because it makes people trust
any iframe
1 comments
fatbat
4469 days ago
Maybe they can force login via their main site first. Lousier user experience though.
link
moe
4468 days ago
Lousy user experience is not being able to verify what site I'm about to enter my payment credentials into.
link
pbreit
4468 days ago
It would be a terrific experience if there was no reason to worry.
link