Protect Your Forms from JavaScript Attacks
Any JavaScript on your checkout page can read credit card numbers from standard inputs. One XSS vulnerability, one compromised CDN, one malicious tracker.
The Problem
Right now, JavaScript Attacks can do this on your website:
// JavaScript Attacks captures:
document.querySelector("input[type=password]").value
// "MyBankPassword123" ← captured and stored
With SmartField
JavaScript Attacks still runs. But SmartField fields return only encrypted data:
// JavaScript Attacks captures:
document.querySelector("smart-field").value
// "eyJ2IjoxLCJpdiI6..." ← useless encrypted payload
The screen shows cipher characters: ΣΩΔψξλμπ
Implementation
<script src="https://cdn.smartfield.dev/v1/smartfield.js"></script>
<smart-field type="password" encrypt-key="/api/sf-key"
placeholder="password"></smart-field>
2 lines. Your forms are now invisible to JavaScript Attacks.
Frequently Asked Questions
How does SmartField protect against JavaScript Attacks?+
SmartField stores no real data in the DOM. JavaScript Attacks can only capture cipher characters and encrypted payloads. The real user data is in a WeakMap inside a closed Shadow DOM, invisible to any recording tool.
Do I need to remove JavaScript Attacks from my site?+
No. SmartField works alongside JavaScript Attacks. You keep your analytics. SmartField just ensures sensitive fields are encrypted. JavaScript Attacks records everything except SmartField data.
Is this proven?+
SmartField passed 20/20 automated attack vectors and 15/15 bot attacks (Playwright + Headless Chromium). Four AI models (GPT, Claude, Gemini, Grok) could not read a single character.
Related