https://content-security-policy.com/ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/content-security-policy-csp-bypass.md https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup https://cspvalidator.org/ https://book.hacktricks.xyz/pentesting-web/dangling-markup-html-scriptless-injection