- Please enter some HTML. It gets sanitized and shown in the iframe.
- The task is: execute alert(1) (it must actually execute so you have to bypass CSP as well).
- The solution must work on current version of at least one major browser (Chrome, Firefox, Safari, Edge).
If you find a solution, please DM me at Twitter: @SecurityMB.
- The challenge is over! @terjanq made a great write up!
Length of the solution URL: