This is the demo page for our brand new and perfectly secure HTML sanitizer. With this sanitizer, harmful scripts remove themselves. If you can find a bypass, we will reward you with a valuable flag.

Here's how you can participate in the game. First, find a HTML payload that exfiltrates the 'flag' cookie from this page to your server. Next, submit your payload, and we will test it in our Chrome browser on this page. In our browser, we have set the 'flag' cookie to the secret value. If your solution is correct, you get the flag on your server.

Oh, and one more thing. There are no hidden files or APIs on the server, and the only non-static content is the solution submission logic.

Input HTML code

Sanitized HTML

Rendered sanitized HTML