From dfe7f4a568ebd1789b82ad9414e94900eb405bd1 Mon Sep 17 00:00:00 2001 From: bpetschowitsch Date: Thu, 16 Apr 2026 15:15:05 +0200 Subject: [PATCH] Create 06_xss_demo.md --- 06_xss_demo.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 06_xss_demo.md diff --git a/06_xss_demo.md b/06_xss_demo.md new file mode 100644 index 0000000..f4b6281 --- /dev/null +++ b/06_xss_demo.md @@ -0,0 +1,25 @@ +# XSS/CSP Demo + +## Environment +Demo App -> [Addressbook](enable_php.md) + +## Demo +check that csp is not set in nginx + +## Browser +add following name & press "Speichern": + +```html +Charlie
+``` + +and now type on your keyboard... + +## CSP +set CSP in nginx config + +```nginx +add_header Content-Security-Policy "default-src 'self'; script-src 'self';" always; +``` + +repeat the Demo. \ No newline at end of file
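Review bot: the `html` fence under `## Browser` ends right after `Charlie`, so the name value that is supposed to trigger the demo is missing from the file and the step cannot be reproduced as written; the intended value needs to be restored or described in prose. Two smaller points in the same hunk: `check that csp is not set in nginx` gives the reader no way to verify it (a `curl -I` request against the app, or the browser's network tab, shows whether a `Content-Security-Policy` response header is present), and the `## CSP` step should state why the second run of the demo behaves differently: `script-src 'self'` with no `'unsafe-inline'` blocks inline script execution in a browser, while `always` makes nginx send the header on error responses too. It is also worth a sentence that CSP is defense in depth here and the addressbook should still HTML-encode the stored name at output (e.g. `htmlspecialchars` in PHP). Finally, the file lacks a trailing newline (`\ No newline at end of file`).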