Skip to content

Instantly share code, notes, and snippets.

@terjanq
Created Sep 23, 2019
Embed
What would you like to do?
XSS Challenge DOM Clobbering
window.CONFIG = window.CONFIG || {
version: "v20190816",
test: false,
appName: "XSS Challenge",
}
function loadModule(moduleName) {
const scriptSrc = new URL(document.currentScript.src);
let url = '';
if (CONFIG.test && window.testPath) {
url = window.testPath.protocol + '//' + window.testPath.host;
} else {
url = scriptSrc.origin;
}
url += `/xss/1/modules/${CONFIG.version}/${moduleName}.js`;
const sc = document.createElement('script');
sc.src = url;
document.body.appendChild(sc);
}
loadModule('h1-magic');
loadModule('tracker');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment