CSP and Bypasses

This blog post aims to demonstrate what CSP is and why CSP is implemented. And how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.

XSS bypassing CSP and using DOM clobbering

Hunting nonce-based CSP bypasses with dynamic analysis

A pen tester's guide to Content Security Policy - Outpost24

CSP Bypass Unveiled: The Hidden Threat of Bookmarklets

CSP Bypass Unveiled: The Hidden Threat of Bookmarklets

WordPress CSP Bypass Exploit - ZOFixer Penetration Testing Tool

Defending against XSS with CSP

Content-Security-Policy Bypass to perform XSS using MIME sniffing, by kleiton0x7e

Bypassing CSP with JSONP Endpoints - Hurricane Labs