bypass CSP

the future of XSS is CSP.

history of CSP(Content Security Policy)

Content Security Policy is a candidate recommendation of the W3C working group on web application security.

Version 1 (or Level 1) was proposed in 2012, with Level 2 following in 2014, and Level 3 in development since 2015 as a draft recommendation.

link

• https://developer.mozilla.org/zh-CN/docs/Web/HTTP/CSP
• https://developers.google.com/web/fundamentals/security/csp
• https://www.w3.org/html/ig/zh/wiki/CSP
• https://w3c.github.io/webappsec-csp/2/
• https://www.netsparker.com/blog/web-security/content-security-policy/