
Common Google XSS
benregenspan 12 days
Very nice write-up, I like that you covered all the steps including initial research that led you to the target *.googleapps.com site.

acer4666 12 days
Does this JavaScript run in the same origin as the Google domain? Surely this is just an open redirect rather than XSS?

purple-leafy 12 days
That’s awesome, I hope to collect a Google bug bounty one day

yagop 12 days
What is the "Easter egg in this article"?

acoyfellow 12 days
3,133.7 is a great reward!