@jorianwoltjer.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Jorian

jorianwoltjer.com

did:plc:3ffrnqiish5sra3vcmrjox72

Just found an interesting way to bypass some nonce-based CSPs and made a small XSS challenge with an exploitable scenario. See if you can find it before I tell! Source JS: https://gist.github.com/JorianWoltjer/744d8877184481079b4e219a7239d193 URL: greeting-chall.jorianwoltjer.com Found a solution? Please DM to avoid spoilers, thanks!

2025-06-30T06:34:00.940Z