javascript - How to post "amount" variable in a Braintree JS secure custom form?
Is it possible to send the amount at the same time as the payment form when using Braintree? The Braintree guide explicitly says:
"Make sure you don't include name attributes in form elements. If the form is accidentally submitted and name attributes are present, sensitive data can reach the server."
So if I am using the simple implementation in HTML:
    <form id="checkout" action="/your/server/endpoint" method="post">
      <input data-braintree-name="number" value="4111111111111111">
      <input data-braintree-name="expiration_date" value="10/20">
      <input type="submit" id="submit" value="pay">
    </form>

And the Python endpoint looks like this:
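    import braintree
    from flask import Flask, request

    app = Flask(__name__)

    @app.route('/payment', methods=['POST'])
    #@cross_origin()
    def do_payment():
        nonce = request.form["payment_method_nonce"]
        # `amount` is not defined here: it is the value the question asks how to obtain
        result = braintree.Transaction.sale({
            "amount": amount,
            "payment_method_nonce": nonce,
            "options": {
                "submit_for_settlement": True
            }
        })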
Is it possible to send the amount in the POST without messing up the encryption of the credit card information? Or do I need to implement a second AJAX callback to post it and persist it somehow in the Python backend, or implement some kind of session handling in Flask?
What are the alternatives, and what is best practice? FYI: it works (if I set the amount to a static "10", for instance); the only thing missing is the amount variable in the backend, since I can't send it using the payment form submit.
I work at Braintree. If you have more questions, I suggest you reach out to our support team.
It looks like you're using CSE, which is a deprecated integration method. I recommend you follow the Braintree docs and use v.zero instead.
If you put the amount in your form, the user can change the value to whatever they want. That isn't the intended behavior, so you don't want the amount to be part of the form. Instead, include a hidden field with an identifier for the item they're purchasing, or something like that.
The recommendation not to use name on form fields applies to fields with sensitive information that you're intending to encrypt. It's fine to include name on fields that don't contain sensitive data.
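Added example (not part of the original question or answer, and not Braintree's code): a server-side helper that follows the answer's advice, where the form carries only an item identifier and the server looks the price up before building the dict passed to `braintree.Transaction.sale`. The catalogue `PRICES`, the limit `MAX_QUANTITY`, the field names `item_id` and `quantity`, and the function `build_sale_request` are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed server-side price list; in a real app this is a database lookup.
PRICES = {
    "sku-basic": Decimal("10.00"),
    "sku-pro": Decimal("49.90"),
}
MAX_QUANTITY = 20  # hypothetical business limit


class BadOrder(ValueError):
    """Raised when the posted form cannot be turned into a valid sale."""


def build_sale_request(form):
    """Build the dict for braintree.Transaction.sale from posted form data.

    `form` is any mapping of field name -> string, e.g. Flask's request.form.
    A client-supplied "amount" field is deliberately never read.
    """
    nonce = form.get("payment_method_nonce", "")
    if not nonce:
        raise BadOrder("missing payment_method_nonce")

    item_id = form.get("item_id", "")
    if item_id not in PRICES:
        raise BadOrder("unknown item")

    # Accept only short, plain ASCII digit strings before converting.
    qty_raw = form.get("quantity", "1")
    if not (qty_raw.isascii() and qty_raw.isdigit() and len(qty_raw) <= 3):
        raise BadOrder("quantity must be a whole number")
    quantity = int(qty_raw)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise BadOrder("quantity out of range")

    amount = PRICES[item_id] * quantity  # price comes from the server only
    return {
        "amount": str(amount.quantize(Decimal("0.01"))),
        "payment_method_nonce": nonce,
        "options": {"submit_for_settlement": True},
    }
```

In the Flask route from the question, the call becomes `braintree.Transaction.sale(build_sale_request(request.form))`, with `BadOrder` mapped to an HTTP 400 response.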