How to Bypass CSP by Hiding JavaScript in a PNG Image

Hide a malicious JavaScript library in a PNG image and tweet it, then include it in a vulnerable website by exploiting a XSS bypassing its Content-Security-Policy (CSP). Read more


The incomparable JavaScript

This website is assembled with JavaScript, mainly because that's the easiest way to use the excellent KaTeX. I'm using Metalsmith to write the blog, which has been very pleasant, but every so often the essential madness of JS shines through. (more…)

Read more »