CTFNote is a collaborative tool that aims to help CTF teams organise their work. It helps with making notes during CTFs, so you can track your CTF notes at a later time. This is similar to the CTF pad seen in one of LiveOverflow's videos.
GNU General Public License v3.0
9 stars, 2 forks
Serve hotkeys-iframe.js from a path from Hedgedoc to circumvent CSP #87
The Hedgedoc CSP is a good thing to have enabled.
But it breaks the JS injection done by CTFNote.
So now we just lie to the frontend that the file is hosted by Hedgedoc while it actually is hosted by CTFNote.
This should circumvent the CSP and allow script execution inside the iframe, even when the CSP is enabled.