When you hit an XSS vector but CSP is blocking execution, this walks you through the actual bypass techniques that work. It covers the directive hierarchy (and the critical ones like base-uri that don't fall back to default-src), nonce reuse and leakage, abusing whitelisted CDNs like jsdelivr or googleapis for JSONP callbacks, strict-dynamic propagation via script gadgets, and framework-specific template injection when Angular or Vue are allowed. The base-uri omission is especially common in the wild and often overlooked. Also handles the meta tag versus header CSP differences and exfiltration channels when script execution stays blocked but you still need to get data out.
npx skills add https://github.com/yaklang/hack-skills --skill csp-bypass-advanced