CODEWITHSUNDEEP
javascriptjquerysecuritystripe-payments
Chinsky
Chinsky

Reputation: 65

Save credit card number on javascript variable

I was wondering if it was safe to do the following:

I have a multi-page form (done with jquery so there are no server requests in between pages).

On the second page the user inputs his credit card information. On the third (last) page the user confirms all information entered on the previous two pages (like a summary).

When the user clicks on the next button on page two, the following script runs: 

$("#payment-next").click(function(){
    var ccNumber = $("#card_number").val();
    //If credit card invalid
    if(!Stripe.card.validateCardNumber(ccNumber)){
      //Throw error 
    }
});

The ccNumber variable is also used on page three where all the information is confirmed.

Is it correct and secure to store the credit card number on the ccNumber variable? Where is that variable stored?

Upvotes: 0

Views: 1302

Answers (2)

fbelanger
fbelanger

Reputation: 3568

Can't really do that much about client side, so long as it's asyn I suppose and that you do not have name attributes on the inputs.

I really wouldn't make it global, and please look into Stripe.js.

https://stripe.com/docs/custom-form

https://stripe.com/docs/stripe.js/switching.

Upvotes: 1

Ilia Ivanov
Ilia Ivanov

Reputation: 84

You can store it in variable if you do not reload page, and it's safe as will never go to network. However you declared ccNumber inside click function, outside of it the variable will not exists. Use global declaration like this:

var ccNumber;
$("#payment-next").click(function(){
   ccNumber = $("#card_number").val();
  //If credit card invalid
   if(!Stripe.card.validateCardNumber(ccNumber)){
      //Throw error 
    }
});
// here and after ccNumber will be filled after every click you can check by console.log(ccNumber)

Upvotes: 1

Related Questions