Whilst CSP wouldn't have stopped the modified script from loading it would have stopped the AJAX call to the attacker-controlled domain and thus would have been rendered impotent. Whilst it is very worrying that a bad…
Whilst CSP wouldn't have stopped the modified script from loading it would have stopped the AJAX call to the attacker-controlled domain and thus would have been rendered impotent. Whilst it is very worrying that a bad…