
Content Security Policy

Content Security Policy is a computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from execution of malicious content in the t

script-src - cdn.jsdelivr.net

The cdn.jsdelivr.net host is whitelisted in the policy to load JavaScript files. jsDelivr is a free CDN that serves JavaScript files hosted in npm packages or GitHub repositories, so any script published to either of those sources becomes loadable under the policy.

  1. Attacker uploads malicious JavaScript to a user-controllable source

  2. Attacker references this script via the whitelisted CDN

  3. Script executes with full privileges, bypassing CSP protections
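As an added example (not part of the original page), a small JavaScript audit that parses a Content-Security-Policy header and flags the weakness described above: a script-src that whitelists cdn.jsdelivr.net, where anyone can publish content, and that relies on host whitelisting instead of nonces or hashes. The host list, helper names and sample policies are constructed for this example.

```javascript
// Hosts whose content anyone can publish to; only the one discussed on this page is listed.
const USER_PUBLISHABLE_HOSTS = new Set(["cdn.jsdelivr.net"]);

// Parse a CSP header value into { directiveName: [sourceExpression, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const raw of header.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Audit the script-src directive (falling back to default-src, as browsers do)
// and return a list of human-readable findings; an empty list means no issue found.
function auditScriptSrc(header) {
  const policy = parseCsp(header);
  const sources = policy["script-src"] || policy["default-src"] || [];
  const findings = [];
  // A nonce or hash source means the policy no longer depends on host whitelisting alone.
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  for (const src of sources) {
    // Strip scheme and path so "https://cdn.jsdelivr.net/npm/" is matched by host.
    const host = src.replace(/^[a-z]+:\/\//i, "").split("/")[0].toLowerCase();
    if (USER_PUBLISHABLE_HOSTS.has(host)) {
      findings.push(`script-src allows ${src}: anyone can publish scripts there, so the host whitelist is bypassable`);
    }
    // 'unsafe-inline' is ignored by CSP Level 2+ browsers once a nonce or hash is present.
    if (src === "'unsafe-inline'" && !hasNonceOrHash) {
      findings.push("script-src allows 'unsafe-inline' without a nonce or hash");
    }
  }
  if (sources.length > 0 && !hasNonceOrHash) {
    findings.push("script-src relies on host whitelisting only; prefer per-response nonces or hashes");
  }
  return findings;
}

// Constructed sample policies: the weak one from this page's scenario and a hardened one.
const WEAK_POLICY = "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net";
const HARDENED_POLICY = "default-src 'self'; script-src 'self' 'nonce-r4nd0mV4lu3' 'strict-dynamic'";

for (const [label, policy] of [["weak", WEAK_POLICY], ["hardened", HARDENED_POLICY]]) {
  console.log(label, auditScriptSrc(policy));
}
```

The hardened policy replaces the host whitelist with a per-response nonce, so a script the attacker publishes to npm or GitHub is not loadable even though jsDelivr still serves it.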


XSS to Retrieve cookies via GitHub
