…orators, etc) as strings.
I found it notable to point out that XSS on one path gives DOM/XMLHttpRequest access to all other paths. CSP exceptions sound like a bad idea to me, but might still be justifiable on secure subpages which underwent a higher level of scrutiny. I hope this is valid sphinx syntax and shows a warning box. My knowledge in this area is limited.. :)