Can JavaScript Escape a CSP Meta Tag Inside an Iframe?
Research: Can JavaScript Escape a CSP Meta Tag Inside an Iframe?
In trying to build my own version of Claude Artifacts I got curious about options for applying CSP headers to content in sandboxed iframes without using a separate domain to host…