Rating: 5.0
> You stumbled upon someone's "JS Safe" on the web. It's a simple HTML file that can store secrets in the browser's localStorage. This means that you won't be able to extract any secret from it (the secrets are on the computer of the owner), but it looks like it was hand-crafted to work only with the password of the owner...
The challenge consists of a fancy HTML file with a cute but irrelevant animated cube and some embedded JavaScript. Essentially, there is a function call `x(password[1])` that we have to make evaluate to truthy. It's somewhat obfuscated by being all jammed into one line plus a few other more subtle gotchas, including abusing rare JavaScript features and a homograph attack. Keep reading here: https://blog.vero.site/post/js-safe-2