WEBVERSE


easy · Reflected XSS · Pro

Palisade

Mountaineering rental site. Their filter has a case.

The Scenario

Palisade rents mountaineering kits. The dev wrote a case-sensitive string replace to strip "<script". He shipped it at 11pm the night before a demo. Nothing blew up. Yet.

Challenge Intel

Synopsis

Tags in HTML aren't case-sensitive. The filter is.
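
The mismatch above, shown as an added example that is not Palisade's actual code: a hypothetical reconstruction of the case-sensitive filter, next to encoding the value for HTML at output time. The function names and sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical reconstruction, not the challenge's source code.

// Vulnerable pattern: str_replace() is case-sensitive, so it removes only
// the exact byte sequence "<script" and leaves any other casing untouched.
function naive_filter(string $input): string
{
    return str_replace('<script', '', $input);
}

// Hardened pattern: do not strip anything. Encode for the HTML context when
// the value is written into the page, so markup characters become entities.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (assumptions, not taken from the challenge).
$samples = [
    'lowercase'  => '<script>alert(1)</script>',
    'mixed case' => '<ScRiPt>alert(1)</ScRiPt>',
    'benign'     => 'Ice axe & crampons',
];

foreach ($samples as $label => $value) {
    $filtered = naive_filter($value);

    // stripos() compares case-insensitively, which is how an HTML parser
    // reads tag names. If this is true, the filter let a script tag through.
    $tagSurvives = stripos($filtered, '<script') !== false;

    printf(
        "%-10s | filtered: %s | script tag survives: %s | encoded: %s\n",
        $label,
        $filtered,
        $tagSurvives ? 'yes' : 'no',
        encode_for_html($value)
    );
}
```

Switching to `str_ireplace()` would close only this one gap and the filter would still be a blocklist; encoding at the point of output is what removes the mismatch between the filter's rule and the parser's.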

What It Is

A PHP rental site with a naive case-sensitive string filter.

Who It's For

First exposure to 'the filter is case-sensitive' as a class of bug.

Skills You'll Practice

  • Understanding HTML case-insensitivity
  • Reading the filter's exact rule, not its intent

What You'll Gain

  • Confidence that mixed-case inputs often bypass string filters


Palisade — WebVerse Pro Reflected XSS