New Sophisticated HTML-Injection Technique Bypasses Content Security Policy \ stacker news ~security

pull down to refresh

New Sophisticated HTML-Injection Technique Bypasses Content Security Policy cybersecuritynews.com/content-security-policy-bypass/amp/

21 sats \ 0 comments \ @ch0k1 8 Jul security

A sophisticated technique to bypass Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation.

The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and disk cache systems.

view all related items