PageSet Best Practices
The PageSet best practices outline the requirements for using a customized payment window.
As a general rule, all components used in the payment window must be hosted by DIBS. Because DIBS is responsible for the payment window, it is not allowed to include code that executes external content that DIBS has not approved.
1. External content on the payment page
All resources used in the page, including images and style sheets, must be hosted in a PCI-certified environment (DIBS).
Requirement: All resources must be uploaded to DIBS.
Custom forms are not allowed. Forms used to implement the flow between pages in the PageSet should only use the provided [ver form]-tags.
Requirement: Use only [ver form]-tags.
4. Whitelisted CSS
Some CSS functions allow script-like execution of code and are therefore not allowed.
Requirement: Use only whitelisted CSS.
5. HTML Meta Refresh tags
HTML Meta tags are not allowed, since they can be used to reload the current endpoint or load a new one and can therefore be used to transport data to external endpoints.
Requirement: Do not use any HTML Meta refresh tags.
Frames are not allowed in the payment pages, since they can be used to include content from another endpoint in an HTML page (which may be used to include external untrusted content on the payment page). You may, however, include the payment window in a frame on your own site.
Requirement: Do not use frames/iframes on the payment pages.
7. Embed or object include tags
Any HTML tags that can be used to include content from an untrusted party can potentially introduce security issues and are therefore not allowed.
Requirement: Do not use any HTML tags that load content from external sources.
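The requirements above can be checked before upload with a small linter. The following is an added example, not DIBS code: it flags external resource references, meta refresh tags, frames, embed/object tags and custom forms. It assumes the [ver form]-tags are not literal `<form>` elements in the template, and it does not check CSS because the whitelist is not given on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags the requirements forbid outright, mapped to the rule they break.
FORBIDDEN_TAGS = {
    "form": "custom form",
    "frame": "frame", "frameset": "frame", "iframe": "frame",
    "embed": "embed/object include", "object": "embed/object include",
}

def is_external(url):
    """True for absolute or protocol-relative URLs (anything naming a host)."""
    return bool(urlparse(url.strip()).netloc)

class PageSetLinter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, reason)
    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        if tag in FORBIDDEN_TAGS:
            self.findings.append((line, tag, FORBIDDEN_TAGS[tag]))
        if tag == "meta" and attrs.get("http-equiv", "").strip().lower() == "refresh":
            self.findings.append((line, tag, "meta refresh"))
        # src always loads a resource; href does so only on <link>.
        urls = [attrs.get("src", "")]
        if tag == "link":
            urls.append(attrs.get("href", ""))
        for url in urls:
            if is_external(url):
                self.findings.append((line, tag, "external resource: " + url))

def lint(html):
    parser = PageSetLinter()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample template, not taken from DIBS documentation.
SAMPLE = """<meta http-equiv="refresh" content="0;url=next.html">
<link rel="stylesheet" href="//cdn.example/theme.css">
<img src="logo.png">
<iframe src="banner.html"></iframe>
<form action="next.html"></form>"""

if __name__ == "__main__":
    for line, tag, reason in lint(SAMPLE):
        print(f"line {line}: <{tag}> {reason}")
```

An empty result from `lint()` means none of these structural rules were triggered; it does not replace DIBS's own review of the uploaded PageSet.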
Last updated: 2015-12-16 @ 09:59 (CET)