PageSet Best practices

PageSet Best Practices

The PageSet best practices outlines the requirements for using a customized payment window.

As a general rule, all components used in the payment window must be hosted by DIBS. It is therefore not allowed to include code that executes external content, which is not approved by DIBS, since DIBS is responsible for the payment window.

 

1. External content on the payment page

All recourses used in the page must be hosted in a PCI-certified environment (DIBS). This includes all resources, such as images and style sheets.

Requirement: All resources must be uploaded to DIBS.

 

2. Client side (JavaScript) code

JavaScript in PageSets is not allowed.

Requirement: Do not use JavaScripts on the payment pages.

 

3. FORM-tags

Custom forms are not allowed. Forms used to implement the flow between pages in the PageSet should only use the provided [ver form]-tags.

Requirement: Use only [ver form]-tags.

 

4. Whitelisted CSS

Some CSS functions allow scripting like execution of code and are therefore not allowed.

Requirement: Use only whitelisted CSS.

 

5. HTML Meta Refresh tags

HTML Meta tags are not allowed since HTML Meta tags can be used to reload the current or a new endpoint and can therefore be used to transport data to external endpoints.

Requirement: Do not use any HTML Meta refresh tags.

 

6. Frames

Frames are not allowed in the payment pages since they can be used to include content from another endpoint in a HTML page (which may be used to include external untrusted content on the payment page). It is however allowed to include the payment window in a frame on your site.

Requirement: Do not use frames/iframes on the payment pages.

 

7. Embed or object include tags

Any HTML tags that can be used to include content from an untrusted party can potentially introduce security issues and are therefore not allowed.

Requirement: Do not use any HTML tags that load content from external sources.

 

Last updated: 2015-12-16 @ 09:59 (CET)

Do you have a question or need help?
Follow us
DIBS Payment Services
Stockholm +46 (0)8-527 525 00
Göteborg +46 031-600 800
København +45 7020 3077
Oslo +47 21 55 44 00