Maybe you should read up on what CSP can and can't do. Once an attacker can execute arbitrary code, they can do anything the client can.