Xss

InnerHTML

drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

No script allowed

<script></script> script tags do not work when added via innerHTML, can you find another way to trigger an XSS ?

Goal: alert(flag)

Hints

Solution

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result