xss-csp

introduction

the future of XSS is the CSP.

writeup

• https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
• https://blog.deteact.com/csp-bypass/
• https://medium.com/bugbountywriteup/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5

hackeorne report

• https://hackerone.com/reports/47472
• https://hackerone.com/reports/153666
• https://hackerone.com/reports/199779
• https://hackerone.com/reports/241192
• https://hackerone.com/reports/250729

CSP check weakness

• https://csp-evaluator.withgoogle.com/