Page MenuHomePhabricator
Create Task
Maniphest T332890

mask CVV digits on dLocal donation form
Closed, ResolvedPublic
Actions

Description

Numbers entered in the CVV field remain visible; this request is to show asterisks *** instead to increase donor confidence in the security of the form.

Details

SubjectRepoBranchLines +/-
Mask CVV input on DLocal formsmediawiki/extensions/DonationInterfacemaster+2 -1
Customize query in gerrit

Event Timeline

MBeat33 created this task.Mar 23 2023, 2:13 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 23 2023, 2:13 PM
AKanji-WMF moved this task from Triage to Next on the Fundraising-Backlog board.Mar 27 2023, 8:04 PM
AKanji-WMF subscribed.Mar 27 2023, 9:23 PM

Also checking with dLocal as to whether they can enable

Ejegg subscribed.Mar 27 2023, 9:31 PM

Looks like we can solve it for safari & chrome users with some CSS:

{
    -webkit-text-security: disc;
    text-security: disc;
}

https://stackoverflow.com/questions/17769429/get-input-type-text-to-look-like-type-password

Ejegg added a comment.Mar 27 2023, 10:06 PM
In T332890#8731532, @Ejegg wrote:

Looks like we can solve it for safari & chrome users with some CSS:

{
    -webkit-text-security: disc;
    text-security: disc;
}

https://stackoverflow.com/questions/17769429/get-input-type-text-to-look-like-type-password

Not working - we can only pass a certain set of properties listed here: https://docs.dlocal.com/reference/the-fields-object#field-options

I also tried the dotsfont suggestion, and it seems that the '@font-face' definition in the outer frame's dlocal.css does not apply to the iframe, so passing in the font-family of dotsfont just makes the cvv field use the default serif font face.

gerritbot added a comment.Mar 28 2023, 6:35 PM

Change 903742 had a related patch set uploaded (by Ejegg; author: Ejegg):

[mediawiki/extensions/DonationInterface@master] Mask CVV input on DLocal forms

https://gerrit.wikimedia.org/r/903742

gerritbot added a project: Patch-For-Review.Mar 28 2023, 6:35 PM
gerritbot added a comment.Mar 28 2023, 6:53 PM

Change 903742 merged by jenkins-bot:

[mediawiki/extensions/DonationInterface@master] Mask CVV input on DLocal forms

https://gerrit.wikimedia.org/r/903742

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.3; 2023-04-03).Mar 28 2023, 7:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 28 2023, 7:10 PM
Ejegg moved this task from Next to Current Sprint on the Fundraising-Backlog board.Mar 28 2023, 7:11 PM
Ejegg added a project: Fundraising Sprint Fish HEAD^.
Ejegg moved this task from Backlog to Pending Deployment on the Fundraising Sprint Fish HEAD^ board.
AKanji-WMF added a project: Fundraising Sprint Go Your Own Pay.Mar 28 2023, 7:57 PM
Ejegg moved this task from Pending Deployment to Done on the Fundraising Sprint Fish HEAD^ board.Mar 28 2023, 8:06 PM
Ejegg closed this task as Resolved.Mar 28 2023, 8:25 PM
Ejegg claimed this task.
Ejegg set Final Story Points to 1.
XenoRyet moved this task from Backlog to Done on the Fundraising Sprint Go Your Own Pay board.Apr 11 2023, 7:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL