Root-Me Web client challenges¶ Puzzle with: HTML disabled buttons Javascript authentication Javascript source Javascript native code XSS stored 1 CSP bypass inline CSRF: zero protection