How To Bypass CSP By Hiding JavaScript In A PNG Image

Hide a malicious JavaScript library in a PNG image and tweet it, then include it in a vulnerable website by exploiting an XSS, bypassing its Content-Security-Policy (CSP). It's

![How To Bypass CSP By Hiding JavaScript In A PNG Image](https://cdn-ak-scissors.b.st-hatena.com/image/square/efc71f02746da653f81faaaed351e926ca8af798/height=288;version=1;width=512/https%3A%2F%2Fwww.secjuice.com%2Fcontent%2Fimages%2F2020%2F03%2Fsloth-3.jpg)