Good description. :)
I mean, here in the example it's easy to spot, because it's not much code to scan, but in a real-world project, it might not be that easy to spot after scanning hundreds of lines of code.
There's really not much you can do except keep a close eye on your site's network requests.
Even there, you need to ensure the domain will be rendered as punycode in the network tab.
Checking it in the network tab also implies you are running the code, which is quite unsafe for malware; it may already be too late if the malware can execute itself.
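An added example, not part of the original comment: a static check that lists URLs in source text whose hostname contains non-ASCII characters (or is already written as `xn--`) and shows the punycode form, so nothing has to be executed to see it. The function name `findNonAsciiHosts` and the sample source are constructed for illustration; it assumes Node.js, whose built-in `URL` class returns the hostname in ASCII (punycode) form.

```javascript
// Matches http(s) URLs up to the first quote, whitespace or closing bracket.
const URL_RE = /https?:\/\/[^\s'"`<>)\]]+/giu;

// Scan source text without running it; report suspicious hostnames per line.
function findNonAsciiHosts(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const match of text.matchAll(URL_RE)) {
      const raw = match[0];
      // Hostname exactly as written in the file (userinfo and port stripped).
      const authority = raw.replace(/^https?:\/\//i, '').split(/[/?#]/)[0];
      const hostAsWritten = authority.split('@').pop().replace(/:\d+$/, '');
      const nonAscii = /[^\x00-\x7F]/.test(hostAsWritten);
      const alreadyEncoded = /(^|\.)xn--/i.test(hostAsWritten);
      if (!nonAscii && !alreadyEncoded) continue;
      let punycode = null;
      try {
        punycode = new URL(raw).hostname; // WHATWG URL yields the xn-- form
      } catch {
        // Unparseable URL: still report it, with no punycode form.
      }
      findings.push({ line: i + 1, hostAsWritten, punycode });
    }
  });
  return findings;
}

// Constructed sample: line 2 uses Cyrillic U+0430 in place of Latin "a".
const SAMPLE = [
  "const api = 'https://example.com/api';",
  "fetch('https://ex\u0430mple.com/collect');",
].join('\n');

for (const f of findNonAsciiHosts(SAMPLE)) {
  console.log(`line ${f.line}: ${f.hostAsWritten} -> ${f.punycode}`);
}
```

Run over a dependency tree or a diff before install or merge, this surfaces the lookalike domain at review time rather than in the network tab.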