The following challenge page frames an inner.html page that is vulnerable to XSS. Frame the inner.html page from an attacker page and get JavaScript execution inside of it. Try not to share solutions too publicly. In one week, a writeup will be published as well as a writeup on a vulnerability in an open source library that uses the relevant ideas here to achieve XSS.

Challenge Two

Special thanks to @xssdoctor and @J0R1AN for beta testing and finding unintended solutions.