Hello, !

inject

src

<?php header("Content-Security-Policy: default-src 'self'; style-src 'unsafe-inline'"); ?>
<script src="hook.js"></script>


<script src="csp01-util.js"></script>
<script src="csp01-jsonp.php?callback=callback"></script>

<h1> Hello, <?= $_GET['payload'?>!</h1>

<h1> inject </h1>
<form>
    <input type="text" name="payload" placeholder="your payload here">
    <input type="submit" value="GO">
</form>

<h1> src </h1>
<?php highlight_string(file_get_contents(basename(__FILE__))); ?>