This is the story of how I found and exploited XSS (content injection) in the pgAdmin4 1.3 desktop client. (Before I get too much further if you use pgAdmin 4 go update to 1.4 I'll wait)
This all started the one day when I speculated that pgAdmin 4 was a web application, due to the fact that it zooms in and out like below when I’m trying to use it because part of my hand touches the ridiculously large touchpad on the new MBP. O_o
It took my subconscious about 24 hours to go ...