Hi,
I am wondering if question 11 of exercise 6 is solvable. I tried all the ways I could come up with but am not able to get a detectable difference. I also tried the leaks from XSinator without any luck. For example, directly calling the resource with the fetch API is only possible with mode no-cors. Then no meaningful data is returned to get the difference. Adding an element to the page and using the onload/onerror handlers to differentiate if the url may be correct or not also doesn't work. Using an iframe, it always returns the onload method (the documentation also describes it like this). Using an object, it always returns the onerror method. Other HTML tags demonstrated in the lecture worked even less for me.
I am out of ideas how to detect the difference when incrementally trying out if a letter is the next character of the correct flag. So I just wanted to make sure that there is a way to solve this question using a current browser.
Thanks and best regards.