This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.| Virtue Security
