1<body onload="document.getElementById('dummy').focus();"> 2<iframe src="data:text/html,<body onload='document.getElementsByTagName("input")[0].focus()'><input></body>" id=victim name=victim> 3</iframe> 4<script> 5 6var cur_pos = 0; 7 8function maybe_redirect(e) { 9 var evt = window.event ? event : e; 10 var cc = evt.charCode ? evt.charCode : evt.keyCode; 11 12 document.getElementById('victim').focus(); 13 frames['victim'].focus(); 14 15 document.getElementById('dummy').value += String.fromCharCode(cc).toLowerCase(); 16 17 setTimeout('focus();document.getElementById("dummy").focus()',1); 18} 19 20 21</script> 22<p>Type some text. It should only appear in the below input field.</p> 23<input type=text onkeydown="maybe_redirect(event)" id=dummy> 24</body> 25