The MesaNet Portal hosts a "Rail Broadcasts" application accessible through a JSON gateway API. A low-privilege operator account can interact with several broadcast endpoints, but a confidential note owned by a privileged automated user sits just out of reach. The challenge requires chaining the broadcast creation pipeline with the automated oversight system to escalate access without ever touching the privileged session directly.
Objective: Create a test broadcast whose `message` field contains HTML markup and verify that the markup is stored verbatim and rendered unescaped when the broadcast is displayed.
Context: You know the bot renders broadcast HTML via `innerHTML`. Now confirm that the `message` field in `/api/rail/create` is the injection point — that whatever HTML you put there survives server-side storage and appears unescaped in the rendered output. Start with a harmless proof like an `<img>` or `<b>` tag before attempting script execution.
Only reveal the ones you need. Claude tracks how many you used to calibrate the feedback.
Create a broadcast via the gateway with a simple HTML tag in the `message` field (e.g. `<b>test</b>`). Then fetch that broadcast through `/api/rail/current` or visit `/apps/rail?view=current` in your browser. Does the bold tag render, or is it escaped?
The server interpolates `${message}` directly into the broadcast HTML template without sanitisation. The client-side code then assigns the result to `element.innerHTML`. This is a stored XSS sink — HTML tags in `message` are rendered live in any browser that views the broadcast.
Try `message: "<img src=x onerror=alert(1)>"` with `type: "safety"`, `priority: "high"`, and any timestamp. Send it, then navigate to `/apps/rail?view=current` in your proxied browser. Note: `<script>` tags are stripped by the HTML parser when injected via `innerHTML`, but event-handler attributes on other tags are NOT stripped.