Create 06_xss_demo.md

2026-06-01 16:39:42 +00:00 · 2026-04-14 20:06:01 +02:00
parent efb2b480f8
commit d0da303003
1 changed files with 25 additions and 0 deletions
@@ -0,0 +1,25 @@
+# XSS/CSP Demo
+
+## Environment
+Demo App -> [Addressbook](enable_php.md)
+
+## Demo
+check that csp is not set in nginx
+
+## Browser
+add following name & press "Speichern":
+
+```html
+Charlie <div id="out"></div><script>document.onkeypress = function(e) {document.getElementById('out').innerHTML += e.key};</script>
+```
+
+and now type on your keyboard...
+
+## CSP
+set CSP in nginx config
+
+```nginx
+add_header Content-Security-Policy "default-src 'self'; script-src 'self';" always;
+```
+
+repeat the Demo.