- Find a Unicode character such that when
.toLowerCase is called on it, it expands to 2 characters instead of 1.
- Use this character to bypass the length check and exploit the buffer overflow to overwrite
- Set the function pointer to point to
censor as the function to be called, bypassing the XSS check.