User:BWolff (WMF)/CSP/5

This is bad

 * Maybe the attacker puts this into a page and causes everyone who views the page to make an obnoxious edit
 * Maybe the attacker uses it to spy on anyone who looks at the page. For example, to try and obtain their password by looking at what they type on the site
 * Maybe the attacker uses it to get information the person loading the page has access to that the attacker doesn't.
 * Maybe the attacker uses it to conduct a phising attack or as a first step to get the user to install malware

next