Beyond the Canvas: Exploiting an Unsanitized Side-Channel in draw.io

I don't usually write about my web findings, but I felt this one needed to be documented as a reminder for my future self too. My initial mistake was tunnel-visioning on a direct bypass of the main sa