Ankur Sundara
Ankur Sundara
**Environment**: - CTFd Version/Commit: 3.5.0 - Operating System: any - Web Browser and Version: any **What happened?** The Yaffle/EventSource polyfill contains code that pops an alert with some message about...
**Environment**: - CTFd Version/Commit: 3.5.0 - Operating System: any - Web Browser and Version: any **What happened?** Clicking on a hint while being signed out does absolutely nothing. This makes...
``` function subCall(uint a, uint b) public pure returns(uint) { return sub({arg2: b, arg1: a}); } function sub(uint arg1, uint arg2) public pure returns(uint) { return arg1 - arg2; }...
You can do it in 5 :)
Not sure if this is intended behavior, but in the previous build of ctfcli, when in a challenge directory, running `ctf challenge sync` or `ctf challenge install` would sync/install that...
What are the current plans for the `image` field in the chal spec? One thing to keep in mind for deployment is that some chals might want multiple containers e.g....
### Issuer Name HeatToken ### Origin https://token.hc.lc ### Contact Email [email protected] ### Key Commitment Endpoint URL https://token.hc.lc/key-commitment ### Purpose Offering credential management and private state tokens as a service ###...
If nutshell processes on untrusted (but sanitized) content, there are some XSS vulnerabilities: e.g. ```html :test<img src=x onerror=alert(1)> ``` gets transformed to ```html test ``` there's also xss with untrusted...
### MDN URL https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/execution-while-not-rendered ### What specific section or headline is this issue about? Browser Compatibility ### What information was incorrect, unhelpful, or incomplete? the `execution-while-not-rendered` and `execution-while-out-of-viewport` permission policy...