CPC G06F 21/6209 (2013.01) [G06F 21/606 (2013.01); G06F 21/6245 (2013.01); G06F 21/64 (2013.01)]
20 Claims
1. A computer-implemented method for dynamic formjacking protection, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a sensitive data input field element on a webform loaded in a browser;
creating a secure isolated container overlaid on the identified sensitive data input field element;
collecting, via the secure isolated container, real input data intended for the sensitive data input field element;
inserting dummy data into the sensitive data input field element in response to collecting the real input data;
intercepting a form submit request from the webform to a destination, wherein the form submit request is prevented by the secure isolated container from including the real input data;
determining whether the destination is a trusted destination;
when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination; and
sending the form submit request to the destination.
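The steps of claim 1 can be modelled without a browser, as in the following added example, which is not code from the patent or its assignee. It assumes a hypothetical `FieldVault` standing in for the isolated container, a constructed allowlist of trusted origins, and a plain object in place of the webform.

```javascript
// Added illustration, not from the patent. All names and values are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://pay.example.com"]); // constructed allowlist

// Placeholder written into the page-visible field; keeps length so page validation passes.
function dummyFor(value) {
  return "0".repeat(value.length);
}

// Stands in for the isolated container: real values live here, outside page script reach.
class FieldVault {
  constructor() {
    this.real = new Map();
  }
  collect(form, name, realValue) {
    this.real.set(name, realValue);
    form.fields[name] = dummyFor(realValue); // the page only ever sees dummy data
  }
}

// Exact-origin match against the allowlist; relative actions resolve against the page URL.
function isTrustedDestination(action, pageUrl) {
  try {
    return TRUSTED_ORIGINS.has(new URL(action, pageUrl).origin);
  } catch {
    return false; // an unparseable destination is never trusted
  }
}

// Builds the outgoing request: dummy values by default, real values only if trusted.
function interceptSubmit(form, vault, pageUrl) {
  const trusted = isTrustedDestination(form.action, pageUrl);
  const body = { ...form.fields };
  if (trusted) {
    for (const [name, value] of vault.real) body[name] = value;
  }
  return { destination: form.action, trusted, body };
}
```

Matching on the parsed origin rather than a string prefix is what keeps lookalike hosts and `user@host` forms of the trusted name from receiving the real value.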