Xss

InnerHTML

drag_indicator

info

drag_indicator

inputs

drag_indicator

inspect

No script allowed

<script></script> script tags do not work when added via innerHTML, can you find another way to trigger an XSS ?

Goal: alert(flag)

Hints

Solution

drag_indicator

waf

INPUT

OUTPUT

drag_indicator

code

drag_indicator

result