A mechanism to bypass Content Security Policy (CSP) protections on sites that have a `script-src` policy of `'strict-dynamic'`. If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the `require.js` library that is part of Firefox’s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
Acknowledgments: Name: the Mozilla project Upstream: Masato Kinugawa