The rules

(1)Execute alert('anything') on this domain via GET xss parameter in Chrome43+;

The Nonce

Dangerous??A big free bypass¡­¡­for you¡­¡­