Closed weizman closed 1 year ago
CTX https://github.com/LavaMoat/snow/issues/129#issuecomment-1640046142
Fix: xss challenge page counts on the ability to run javascript: code, but the new demo app does not allow unsafe-inline so i had to come up with different tricks for the demo app to work.
javascript:
unsafe-inline
CTX https://github.com/LavaMoat/snow/issues/129#issuecomment-1640046142
Fix: xss challenge page counts on the ability to run
javascript:code, but the new demo app does not allowunsafe-inlineso i had to come up with different tricks for the demo app to work.