First we noticed that the HTPL code we wrote renders via `innerHTML`, but the strict CSP makes it unexploitable.
So let's turn to the HTPL part. The HTPL code's compilation is based on ast, which supports only a few nodes: io, array, function, literals, binary and unary operators, assignments and control flows.
But it did not support to get elements from an array or something like . operator to access attrs. And we could not make such a function via a valid HTPL.
- `/* */`