Avoid leaking sensitive data, remove "name" attribute from form fields
Opened this issue ยท 0 comments
alexsegura commented
Hi! Thank you for this component ๐
When using credit card forms, generally it's a good idea to avoid sending sensitive data to own servers (unless you are PCI/DSS compliant). Currently, the component adds a name
attribute to all fields, making it possible to send credit card information to own servers by mistake.
IMHO, adding the name
attribute should be opt-in only, for example like this:
getCardNumberProps({ withNameProp: true })
What do you think? This would be a breaking change, requiring a major version bump.