A Node.js app renders user input through the Pug template engine without sanitisation. Inject a template expression to execute server-side code and read the flag.
