From Intigriti challenge to a Vue.js script gadget

Intigiriti’s November challenge by IvarsVids was about a Vue.js one-pager that reflected user input with some replacements. After visiting the challenge homepage at we quickly notice it reflects s query parameter not escaping HTML less than and greater than signs resulting in HTML injection.