1. Web Security Academy
  2. Cross-site scripting
  3. CSP
  4. Lab

Lab: Reflected XSS protected by CSP, with CSP bypass


This lab uses CSP and contains a reflected XSS vulnerability.

To solve the lab, perform a cross-site scripting attack that bypasses the CSP and calls the alert function.

Please note that the intended solution to this lab is only possible in Chrome.