Created March 23, 2022 17:33
Gist: kieranbarker/b95b591f24f5eefb3ba205e9e6e857bf
A simple demo of a cross-site scripting (XSS) attack.
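<!DOCTYPE html>
<html lang="en">
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<body>
<script>
// Deliberately unsafe: innerHTML parses the string as markup, so the onerror
// handler runs when the image fails to load. The <img src="x"> wrapper is
// assumed; only its onerror attribute appears on the page.
document.body.innerHTML = `<img src="x"
onerror="document.addEventListener('keydown', event => console.log(event.key))" />`;
</script>
</body>
</html>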

Open this HTML file in your browser and have a look at the JavaScript console. Every time you press a key, it will be logged to the console! Now imagine if, instead of just logging it to the console, the attacker sent everything you typed to a remote server...
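
The hardened counterpart to the demo above, as an added example that is not part of the original gist: the same payload rendered as text instead of markup, so no element or event handler is created. The `<img src="x">` wrapper, `renderCommentHtml`, `renderCommentDom` and `introducesMarkup` are hypothetical names chosen for illustration.

```javascript
// Constructed payload using the gist's onerror attribute.
// Assumption: the attribute sits on <img src="x">; the page shows only the attribute.
const payload =
  `<img src="x" onerror="document.addEventListener('keydown', event => console.log(event.key))">`;

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(untrusted) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(untrusted).replace(/[&<>"']/g, ch => map[ch]);
}

// Hypothetical helper: builds markup for a comment from untrusted text.
function renderCommentHtml(untrusted) {
  return `<p class="comment">${escapeHtml(untrusted)}</p>`;
}

// Browser-only alternative: textContent never invokes the HTML parser,
// so the payload is displayed literally and no handler is registered.
function renderCommentDom(container, untrusted) {
  const p = document.createElement('p');
  p.className = 'comment';
  p.textContent = untrusted;
  container.replaceChildren(p);
}

// Regression check: true if the markup contains any tag other than the
// wrapper <p>, i.e. the untrusted text introduced an element of its own.
function introducesMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some(tag => !/^<\/?p[\s>]/.test(tag));
}

// What the vulnerable pattern hands to innerHTML, next to the escaped form.
const unsafe = `<p class="comment">${payload}</p>`;
const safe = renderCommentHtml(payload);

console.log('unsafe introduces markup:', introducesMarkup(unsafe));
console.log('safe introduces markup:  ', introducesMarkup(safe));
console.log(safe);
```
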
