I'd be super leery about using an iframe in general. I know there's some mucking around with CORS/Same Origin Policy to go through, but once that's done it's very easy for the parent page to do whatever it wants to the data found inside. The golden boy for submitting crypto payments right now is probably Metamask, which is either built into the browser or run as an extension for complete isolation.
You are viewing a single comment's thread from: