如何确保无法从JavaScript访问Stripe信用卡号?
创建条纹自定义表单。
<form action="/payment/post" method="post">
@Html.AntiForgeryToken()
<div class="row">
<div class="field">
<input type="text" asp-for="firstName" id="FirstName" name="FirstName" value="AB" />
</div>
</div>
<div data-locale-reversible>
<div class="row">
<div class="field">
<input id="payment-name" data-tid="form.name_placeholder" class="input empty" type="text" placeholder="@Model.name" required="">
<label for="payment-name" data-tid="form.name_label">Cardholder Name</label>
<div class="baseline"></div>
</div>
</div>
</div>
<div class="row">
<div class="field">
<div id="payment-card-number" class="input empty"></div>
<label for="payment-card-number" data-tid="form.card_number_label">Card number</label>
<div class="baseline"></div>
</div>
</div>
提交表格时: 我选择名字并尝试读取卡号(不应允许)
$.ajax({
type: "POST",
url: '/payment/post',
data: JSON.stringify({
name: name.value,
token: result.token.id,
firstName: $("#FirstName").val(),
cardNumber: $("input[name='payment-card-number']").val() **I know that it is not posted to server, for understanding purposes, how it ensured**
}),
编辑: 在检查卡号输入文本框中。我注意到,支付卡号输入元素是由Stripe js生成的。
<input type="tel" autocomplete="cc-number" autocorrect="off" spellcheck="false" name="payment-card-number" class="InputElement is-complete" aria-label="Credit or debit card number" placeholder="1234 1234 1234 1234" aria-placeholder="1234 1234 1234 1234" aria-invalid="false" value="5555 5555 5555 4444">
Stripe库是否已经以某种方式实施了它?那是什么 方法。
条纹V2 Api不需要IFrame,但是V3需要IFrame(不能肯定地说,但是我看过的所有示例都需要IFrame)。这是强制的方式吗?