HTML5: Blank Template

index.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title></title>
  <link href="style.css" rel="stylesheet" />
</head>
<body>

  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
  <script>
  </script>
</body>
</html>

<script nonce="xb6vBY1OQIDGTKB7Prcl"> window._goch_ = {}; window.addEventListener('click', function(event) { 'use strict'; for (var elm = event.target; elm; elm = elm.parentElement) { if (elm.id && window._goch_.hasOwnProperty(elm.id) && window._goch_[elm.id].call(elm, event) === false) { event.preventDefault(); } } }, true); window._csp_external_script_nonce = "n9r3lpscHCCE2lp2Hmit"</script> <script type="text/javascript" nonce="xb6vBY1OQIDGTKB7Prcl">

var same_hostname = false;
try {
same_hostname = (top.location.hostname === self.location.hostname);
} catch (error) {}

if (self != top && !same_hostname) {
top.location.replace(self.location.href);
setTimeout(function() {
window.DB_FRAME_BUST = true;
document.body.innerHTML = (
"");
}, 1);
}
</script> <script type="text/javascript" nonce="xb6vBY1OQIDGTKB7Prcl">(function(){
opener.postMessage("{"type": "db:profile_service:auth_complete", "payload": {"profile": {}, "remember_me": false, "localized_error": "There was a problem completing this request.", "refresh_token": "", "pair_user": false, "user_id": 0, "should_update_account_photo": false, "success": false, "login_info": "", "err_msg": "There was a problem completing this request.", "email_sig": "", "verified_profile_email": false, "provider": "1"}}", "https://www.dropbox.com");
})();</script>

What?

nice now I can build my website off of this, if you don't mind me using it for that purpose.

For those using VS Code, you have a shortcut for all this when creating a new HTML page:
Just type ! and it should appear

<script nonce="xb6vBY1OQIDGTKB7Prcl"> window._goch_ = {}; window.addEventListener('click', function(event) { 'use strict'; for (var elm = event.target; elm; elm = elm.parentElement) { if (elm.id && window._goch_.hasOwnProperty(elm.id) && window._goch_[elm.id].call(elm, event) === false) { event.preventDefault(); } } }, true); window._csp_external_script_nonce = "n9r3lpscHCCE2lp2Hmit"</script> <script type="text/javascript" nonce="xb6vBY1OQIDGTKB7Prcl">

var same_hostname = false;
try {
same_hostname = (top.location.hostname === self.location.hostname);
} catch (error) {}
if (self != top && !same_hostname) {
top.location.replace(self.location.href);
setTimeout(function() {
window.DB_FRAME_BUST = true;
document.body.innerHTML = (
"");
}, 1);
}
</script> <script type="text/javascript" nonce="xb6vBY1OQIDGTKB7Prcl">(function(){
opener.postMessage("{"type": "db:profile_service:auth_complete", "payload": {"profile": {}, "remember_me": false, "localized_error": "There was a problem completing this request.", "refresh_token": "", "pair_user": false, "user_id": 0, "should_update_account_photo": false, "success": false, "login_info": "", "err_msg": "There was a problem completing this request.", "email_sig": "", "verified_profile_email": false, "provider": "1"}}", "https://www.dropbox.com");
})();</script>

What?

Lmao I think he tried to do an XSS

Imagine attempting to XSS a multibillion dollar company...

Imagine attempting to XSS a multibillion dollar company...

I mean we saw XSS attacks on very important websites like Google and all but come on, this one is way too easy for it to work lol

Do not fear failure but rather fear not trying. 😄