Challenge
This is the script that violates the web
1
2
3
4
5
6
7
<!-- Challenge -->
<div id="uganda"></div>
<script>
let wey = (new URL(location).searchParams.get('wey') || "do you know da wey?");
wey = wey.replace(/[<>]/g, '')
uganda.innerHTML = `<input type="text" placeholder="${wey}" class="form-control">`
</script>
Solution
In this challenge we see that the code removes the <> and that everything we enter is entered in an input so we will take advantage of that to enter a script that is activated when it focuses and with autofocus as soon as the page loads it will be runned
Creator solution
The solution given by the creator of the game is as follows
"onfocus=alert(1337) autofocus="