XSS Escape — Breaking Out of a Script String Context
Escape a JavaScript string context inside a script tag by injecting a closing script tag that the sanitizer fails to block.
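The reason this escape works, and the encoding that stops it, shown as an added example (not code from the challenge): the HTML parser ends a script element at the first closing script tag, whether or not the JavaScript string is still open. The function names, the `name` variable and the sample value are hypothetical and constructed for illustration.

```javascript
// Weak encoder: escapes only characters that matter to the JavaScript
// string grammar, so "<" passes through untouched.
function weakJsString(value) {
  return '"' + String(value)
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/\n/g, '\\n') + '"';
}

// Hardened encoder: JSON.stringify handles the JavaScript grammar, then the
// characters the HTML parser reacts to are rewritten as \uXXXX escapes.
// The output is still a valid string literal with the same value.
function safeJsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// Server-side template (hypothetical): the value lands inside a string
// literal inside an inline script element.
function render(encoder, value) {
  return '<script>var name = ' + encoder(value) + ';</script>';
}

// Simplified model of the HTML tokenizer in script data: the element ends at
// the first "</script" followed by whitespace, "/" or ">", case-insensitively.
// It knows nothing about JavaScript quotes.
function scriptElementBody(html) {
  const rest = html.slice(html.indexOf('<script>') + '<script>'.length);
  const end = rest.search(/<\/script[\s\/>]/i);
  return end === -1 ? rest : rest.slice(0, end);
}

// True when the whole statement stays inside the script element, i.e. the
// value could not terminate the element early.
function staysInsideScript(encoder, value) {
  const expected = 'var name = ' + encoder(value) + ';';
  return scriptElementBody(render(encoder, value)) === expected;
}

// Constructed sample inputs: a closing tag followed by inert marker markup.
const SAMPLE = 'x</script><b>marker</b>';
const SAMPLE_MIXED_CASE = 'x</ScRiPt ><b>marker</b>';

console.log('weak encoder contained:', staysInsideScript(weakJsString, SAMPLE));
console.log('safe encoder contained:', staysInsideScript(safeJsString, SAMPLE));
```

A sanitizer that filters only the exact lowercase `</script>` misses the mixed-case form with a trailing space; escaping `<` itself covers every variant.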
The login form runs client-side JS. Deobfuscating or inspecting it reveals a hardcoded secret key used to AES-decrypt the flag — the key is plaintext at the top of the obfuscated script.