Writeup for SafePaste from BITSCTF 2026. A hard web challenge escaping DOMPurify via server-side mXSS and String.prototype.replace() template injection.
