|
|
|
|
|
|
by paxys
1407 days ago
|
|
|
It’s on the browser to enforce CSP headers. In this case the browser itself is doing the malicious script injection. Think of it as a browser extension, just running without your consent. It’s up to the browser - not the website - to reject it. |
|
|