# Regular Website | Web

### Solution

From ctf we have got url to website, *package.json* and *server.ts*

##### server.ts  
```ts  
import Router from '@koa/router';  
import Koa from 'koa';  
import koaStatic from 'koa-static';  
import bodyParser from 'koa-bodyparser';  
import { launch } from 'puppeteer';  
import { readFileSync } from 'fs';

const flag = readFileSync("flag.txt", "utf8");  
const verbs = readFileSync("verbs.txt", "utf8").split("\n").map(s =>
s.trim()).filter(s => {  
return s.length > 0 && !s.startsWith("#");  
});

const app = new Koa();  
const browser = launch({args: ["--incognito", "--no-sandbox"]});

const router = new Router();  
router.post("/", async ctx => {  
if (typeof ctx.request.body !== "object") {  
ctx.throw(400, "body must be an object");  
return;  
}  
const text = ctx.request.body.text;  
if (typeof text !== "string") {  
ctx.throw(400, "text must be a string");  
return;  
}

const sanitized = text.replace(/<[\s\S]*>/g, "XSS DETECTED!!!!!!");  
const page = await (await browser).newPage();  
await page.setJavaScriptEnabled(true);  
try {  
await page.setContent(`  
  
<html>  
<head>  
<meta charset="utf-8">  
<title>Comment</title>  
</head>  
<body>  

Welcome to the Regular Website admin panel.

  
<h2>Site Sta