By abstracting HTML, browser flaws (duplicate form submissions) and form validation, it provides a comfortable way to obtain reliable and validated data from users.

This attack illustrates the abuse of trusted domains, the practice of server-side phishing email validation ... JavaScript code will automatically extract and insert that email into the form.