# CSP Bypass

* <https://twitter.com/CurtBraz/status/1180372698167435265?ref_src=twsrc%5Etfw%7Ctwcamp%5Eembeddedtimeline%7Ctwterm%5Ecollection%3A1183061305483239424%7Ctwcon%5Etimelinechrome&ref_url=https%3A%2F%2Ftwitter.com%2Fpentesterland%2Ftimelines%2F1183061305483239424>
* [#JSONP](https://twitter.com/hashtag/JSONP?src=hashtag_click): `<script src="https://trustedsite/jsonp?callback=payload">` [#AngularJS](https://twitter.com/hashtag/AngularJS?src=hashtag_click) `<script src="https://trustedsite/angularjs/1.1.3/angularjs.min.js">` `<div ng-app ng-csp id=p ng-click=$event.view.alert(1)>` [#BugBountyTip](https://twitter.com/hashtag/BugBountyTip?src=hashtag_click)
* JSONP can be a serious security vulnerability. Another good read from my colleague :) [Accessing cross-site data using JSONP](https://t.co/u950eyl6DF?amp=1) (sjoerdlangkemper.nl)
* <https://medium.com/@bhaveshthakur2015/content-security-policy-csp-bypass-techniques-e3fa475bfe5d>
* [If CSP policy points to a dir and you use %2f to encode "/", it is still considered to be inside the dir. All browsers seem to agree on that. This leads to a possible bypass, by using "%2f..%2f" if server decodes it, example: https://jsbin.com/werevijewa/edit?html,output…](https://twitter.com/SecurityMB/status/1162690916722839552?s=20)
* <http://ghostlulz.com/content-security-policy-csp-bypasses/>
* <https://github.com/zigoo0/JSONBee>
* <https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/csp-host-checker.py>
* <https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/>
* <https://2018.zeronights.ru/wp-content/uploads/materials/3%20ZN2018%20WV%20-%20CSP%20bypass.pdf>
* <https://dropbox.tech/security/unsafe-inline-and-nonce-deployment>
* <https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa/>
* <https://scotthelme.co.uk/content-security-policy-an-introduction/>
* <https://scotthelme.co.uk/csp-cheat-sheet/>
* <https://barryvanveen.nl/blog/47-how-to-prevent-the-use-of-unsafe-inline-in-csp>
* <https://www.netsparker.com/blog/web-security/negative-impact-incorrect-csp-implementations/>
* <https://content-security-policy.com/unsafe-inline/>

Articles:

* <https://ritiksahni.me/content-security-policy>
