CTFNote is a collaborative tool aiming to help CTF teams to organise their work. This tool helps making notes during CTFs, so you can track your CTF notes at a later time. This is similar to the CTF pad seen in one of the video's of Liveoverflow.
Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple ctrl+k, command+k shortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly.
Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages.
Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple
ctrl+k, command+kshortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly.Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages.