It worked!
https://nostrsites.com/note15rldjrme4kzx0wxmjmksc62spt9j0y0t9j0a6v0py86n9c4fc5eqzv8kcl
Discussion
Was about to file a bug report for XSS but I’m sure you’re already aware. 😂
Fwiw, I think this is a terrible idea as RCE is never good.
I have thought about this, but I’m not really sure what maliciousness could be done with JavaScript contained on a single webpage. If I had a login option on every user-generated page, I could see an issue, but is there anything that would make a Nostr Sites page dangerous? I was thinking at least every page is open source and the code is available on nostr
Tttttrrrruuuueeeee. And you’re already trusting other peoples JS when browsing everywhere else.