@sirdarckcat The CSP nonce bypass is mitigated by style-src right?
Not really. CSS attr selectors are the most convenient way to leak nonces after DOM XSS, but not the only one.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Not really. CSS attr selectors are the most convenient way to leak nonces after DOM XSS, but not the only one.