PortSwigger Web Security: CSP bypass on PortSwigger.net using Google script resources

A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacke...