terjanq/injection_point.js

## injection_point.js
const sanitized = DOMPurify.sanitize(input.value);

const html = `
  <meta http-equiv=Content-Security-Policy content="script-src https://pastebin.com/how-can-i-escape-this/ 'nonce-xyz' https://securitymb.github.io/xss/1/modules/v20190816/">
  <h1>Homepage!</h1>
  <p>Welcome to my homepage! Here are some info about me:</p>
  ${sanitized}
  <script nonce=xyz src="./main.js"><\/script>
`;

iframe.srcdoc=html;
len.textContent = location.href.length;
	const sanitized = DOMPurify.sanitize(input.value);

	const html = `
	<meta http-equiv=Content-Security-Policy content="script-src https://pastebin.com/how-can-i-escape-this/ 'nonce-xyz' https://securitymb.github.io/xss/1/modules/v20190816/">
	<h1>Homepage!</h1>
	<p>Welcome to my homepage! Here are some info about me:</p>
	${sanitized}
	<script nonce=xyz src="./main.js"><\/script>
	`;

	iframe.srcdoc=html;
	len.textContent = location.href.length;