prevent_lucy_from_collecting_passwords_in_form_submits
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
prevent_lucy_from_collecting_passwords_in_form_submits [2017/08/21 11:29] – [Option 2: collect full usernames, but only first three letters of the password] lucy | prevent_lucy_from_collecting_passwords_in_form_submits [2021/08/12 23:27] – lucy | ||
---|---|---|---|
Line 21: | Line 21: | ||
</ | </ | ||
+ | ===== Option 2: Do not collect any data ===== | ||
+ | To exclude the credentials from the POST request one should empty the name attribute of the login and password fields. So the form on index.html will look as follows: | ||
- | ===== Option | + | <form action="? |
+ | <input class=" | ||
+ | <input class=" | ||
+ | In that case neither user login nor password will leave the victims browser. | ||
+ | |||
+ | ===== Option | ||
{{ 3letters_.png? | {{ 3letters_.png? | ||
Line 28: | Line 35: | ||
(1) Append onsubmit=" | (1) Append onsubmit=" | ||
- | < | + | |
- | function on_submit() | + | function on_submit() |
- | { | + | { |
- | var pass = document.getElementById(' | + | var pass = document.getElementById(' |
- | | + | document.getElementById(' |
- | return true; | + | return true; |
- | } | + | } |
- | </ | + | </ |
+ | |||
+ | |||
+ | Here is the full HTML code of the web based scenario "Ipad Mini Promotion": | ||
+ | |||
+ | < | ||
+ | <html lang=" | ||
+ | < | ||
+ | <meta charset=" | ||
+ | < | ||
+ | <link href="/ | ||
+ | </ | ||
+ | < | ||
+ | <div id=" | ||
+ | <div id=" | ||
+ | <!-- The form --> | ||
+ | <div id=" | ||
+ | <form action="? | ||
+ | <div class=" | ||
+ | <div class=" | ||
+ | <div class=" | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | <div id=" | ||
+ | <p>We are happy to announce a special promotion together with our partner "NCC II supplies" | ||
+ | <br /> | ||
+ | The promotion is open to all employees of company X.& | ||
+ | </ | ||
+ | <div id=" | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | function on_submit() | ||
+ | { | ||
+ | var pass = document.getElementById(' | ||
+ | document.getElementById(' | ||
+ | return true; | ||
+ | } | ||
+ | </ | ||
+ | </ |
prevent_lucy_from_collecting_passwords_in_form_submits.txt · Last modified: 2022/04/07 19:59 by lucy