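// `input`, `iframe` and `len` are assumed to be DOM elements defined elsewhere on the page.
// The user-supplied HTML is passed through DOMPurify before it is embedded below.
const sanitized = DOMPurify.sanitize(input.value);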
const html = `
<meta http-equiv=Content-Security-Policy content="script-src https://pastebin.com/how-can-i-escape-this/ 'nonce-xyz' https://securitymb.github.io/xss/1/modules/v20190816/">
<h1>Homepage!</h1>
<p>Welcome to my homepage! Here are some info about me:</p>
${sanitized}
<script nonce=xyz src="./main.js"><\/script>
`;
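// Render the assembled document in the iframe; the CSP <meta> above governs scripts inside it.
iframe.srcdoc = html;
// Show the length of the current URL.
len.textContent = location.href.length;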