The invoiceAmount is dangerous because this is provided by the user's browser. Merchants cannot depend on this information. Malicious user can set invoiceAmount to be really small, and if the merchant uses it for verification they will ship the item.
The
invoiceAmount
is dangerous because this is provided by the user's browser. Merchants cannot depend on this information. Malicious user can setinvoiceAmount
to be really small, and if the merchant uses it for verification they will ship the item.