Tags: web csp xss encoding

Rating: 5.0

We bypassed addslashes() by exploiting the discrepancy between server-side and client-side character encodings to obtain an unintended XSS in the main page of the application.

Original writeup (https://w0y.at/writeup/2020/12/08/pbctf-2020-ikea-name-generator.html).