Hacker News
by inian 3490 days ago
CSP is supposed to protect the website when there is an XSS in it, as a defence-in-depth solution. So a CSP bypass is when it fails to do so. #1 - this is true for any site using CSP with JavaScript. #3 - the site is not giving the ability to inject the script tag. It is just an XSS vulnerability which should have been caught by CSP, but in this case it doesn't.