.. / doomcaptcha

Star Fork

Captchas don’t have to be boring.

Latest

<img> @name @label ⏱️ before-load

• The DoomCaptcha library uses the document.currentScript property to load additional scripts.

  <!-- user input -->
  <img name="currentScript" label="<script>alert(document.domain)</script>">
  
  <script src="https://vivirenremoto.github.io/doomcaptcha/script.js?version=16"></script>

  Preview Copy

var captcha_label = document.currentScript.getAttribute('label');

// [...]

var captcha_html = '';
if (captcha_label) {
    captcha_html = '<p>' + captcha_label + '<br>';
}

// [...]

document.write(captcha_html);

Related links:

• https://github.com/jackfromeast/dom-clobbering-collection/blob/main/domc-gadgets/doomcaptcha.md
• https://jackfromeast.github.io/assets/DOMinoEffect.pdf

Found by jackfromeast, ishmeals.

Source | History