- Create a JS file which contains <script", "onload=" or "onLoad=" tags
- Go to Resources app and try to upload the file
- Check it fails because the file is "unsecure"
The file is uploaded without restrictions
Upload is aborted
Create the file manually and copy the full code