CSP bypass: How one Chrome XSS bug took 2.5 years and an HTML spec change to fixportswigger.net67 pointsweinzierl5 years ago