1 <body onload="document.getElementById('dummy').focus();"> 2 <iframe src="data:text/html,<body onload='document.getElementsByTagName("input")[0].focus()'><input></body>" id=victim name=victim> 3 </iframe> 4 <script> 5 6 var cur_pos = 0; 7 8 function maybe_redirect(e) { 9 var evt = window.event ? event : e; 10 var cc = evt.charCode ? evt.charCode : evt.keyCode; 11 12 document.getElementById('victim').focus(); 13 frames['victim'].focus(); 14 15 document.getElementById('dummy').value += String.fromCharCode(cc).toLowerCase(); 16 17 setTimeout('focus();document.getElementById("dummy").focus()',1); 18 } 19 20 21 </script> 22 <p>Type some text. It should only appear in the below input field.</p> 23 <input type=text onkeydown="maybe_redirect(event)" id=dummy> 24 </body> 25
