Your raw payload

[XSS]

inject

src

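<?php
// Setup for a deliberately vulnerable XSS exercise. The values computed here
// feed the CSP <meta> tag and the inline script in the template below.
// The assignment operators, argument commas and one concatenation dot were
// missing from this listing and are restored here so the file parses.

// Not referenced anywhere else in the visible page.
$eq = rand(0, 100) . "+" . rand(0, 100);

// Per-request CSP nonces. rand() is not a cryptographically secure generator
// and these values are short decimal integers; outside a lab, derive nonces
// from random_bytes() (at least 128 bits, base64-encoded) so they cannot be
// predicted.
$random1 = rand(0, 100000000000);
$random2 = rand(0, 100000000000);

// Denylist filter: removes only backtick, "$", "<" and ">" from the query
// parameter. The result is later placed inside a JavaScript template literal,
// and a four-character denylist is not an encoder for that context: every
// other character reaches the script unchanged. Production code would emit
// the value with json_encode() and the JSON_HEX_TAG | JSON_HEX_AMP |
// JSON_HEX_APOS | JSON_HEX_QUOT flags instead of stripping characters.
// "?? ''" avoids the undefined-key warning when the page is opened without
// a payload parameter.
$escaped = preg_replace("/[`$<>]/", "", $_GET['payload'] ?? '');
?>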
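<head>
    <?php /* Nonce-based policy: only scripts carrying one of the two per-request nonces may run, and
             'strict-dynamic' extends that trust to whatever those scripts load, so hook.js and anything
             it pulls in belongs to the trusted base. Only script-src is set here; a production policy
             would normally also set object-src 'none' and base-uri 'none'. */ ?>
    <meta http-equiv="Content-Security-Policy" content="script-src 'strict-dynamic' 'nonce-<?= $random1 ?>' 'nonce-<?= $random2 ?>'">
    <script src="hook.js" nonce="<?= $random2 ?>"></script>
</head>
<body>
    <script nonce="<?= $random1 ?>">
     window.addEventListener("load", function(){
         // Request data is written straight into a template literal after a
         // denylist filter only; this is the exercise's script-context sink.
         var input = `<?= $escaped ?>`;
         // innerHTML parses the string as markup. textContent is the safe
         // choice whenever the value is meant to be displayed as text.
         window.injectarea.innerHTML = `${input} is your payload; could you execute a script? :-)`
     });
    </script>

    <h1> Your raw payload </h1>
    <?php /* Intentional reflection: the parameter is echoed with no output encoding, so the CSP above is
             the only control between this markup and script execution. Outside a lab this would be
             htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'). The closing bracket was
             missing from the listing and is restored; "?? ''" avoids a warning when no payload is sent. */ ?>
    <?= $_GET['payload'] ?? '' ?>
    <div id="injectarea"></div>    
    <h1> inject </h1>
    <form>
        <textarea id="payload" name="payload" placeholder="your payload here"></textarea>
        <input type="submit" value="GO">
    </form>
    
    <h1> src </h1>
    <?php /* Prints this file's own source so players can read the filter and the policy. Source
             disclosure is part of the exercise; a real deployment should never expose it. */ ?>
    <?php highlight_string(file_get_contents(basename(__FILE__))); ?>
</body>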