Hacker News
by nadaviv 4063 days ago
> the iFrame is in its own JavaScript "domain" so that if your site is infected with malicious JavaScript it can't take over the POST to Stripe as easily (although that is debatable).

A malicious attacker could simply replace the entire iframe with something else that looks identical, but sends a copy of the CC details to some other server.