### The challenge

https://www.turb0.one/pages/Challenge_Two:_Stranger_XSS.html

We are given a frameable target page on this address `https://www.turb0.one/files/9187cc52-fd4d-49c6-a336-0ce8b5139394/xsschal2minimal/inner.html`.

The page loads three scripts

“`

“`

### Summary

– We can use object recursion to have an assignment of an attribute overwrite itself
– We can bypass CSP by writing a payload into the DOM of another same-origin window

Bonus: given our newfound knowledge, we could also solve the challenge in other ways. Try to understand why this works.

“`

“`

And then this modification was created by Turb0 himself after I first sent my solution

“`

“`