External JavaScript Demo page

This is a simple login page to demonstrate security implications of third party javascript. Do not enter any sensitive information or real credentials.

The form doesn't actually send entered credentials anywhere. Instead, this page initiates dynamic javascript file load. This external javascript can do whatever it likes with the information entered on the page, including user entered credentials on the login form. This means that the external javascript can for example snoop login credentials and harvest them for later use.

Try this:

  1. First, enter imaginary credentials and click send. Nothing happens.
  2. Second, press the button "load external js". External file will be loaded.
  3. Click submit again.
  4. Take a look at the "control information box" below.

Make note that the external javascript file could do anything with harvested information. It could send entered credentials to which ever server for later use.

You can also follow the progress of file loads on the developer console of your browser. On Mac&Safari, press alt-cmd-i.

# Control information will be displayed here.