Area 51

  • Difficulty is Easy.
  • Pop an alert(1337) on sandbox.pwnfunction.com.
  • No user interaction.
  • Cannot use https://sandbox.pwnfunction.com/?html=&js=&css=.
  • Tested on Chrome.
  • Unintended solution? DM me @PwnFunction.
<!-- Challenge -->
<div id="pwnme"></div>

<script>
    var input = (new URL(location).searchParams.get('debug') || '').replace(/[\!\-\/\#\&\;\%]/g, '_');
    var template = document.createElement('template');
    template.innerHTML = input;
    pwnme.innerHTML = "<!-- <p> DEBUG: " + template.outerHTML + " </p> -->";
</script>