In 2018, I wrote an article about CSS keylogger: attack and defense after seeing related discussions on Hacker News. I spent some time researching it.
Now, four years later, I have re-examined this attack technique from a security perspective and plan to write one or two articles to explain CSS injection in detail.
This article covers:
- What is CSS injection?
- The principle of stealing data with CSS
- How to steal data from hidden input
- How to steal data from meta
- Using HackMD as an example