Xss

HTML parser

drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

JS context

Does this protection is enough to protect you against XSS ?

spoiler: it's not

Goal: alert(flag)

Hints

Solution

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result