dom clobbering

Bypassing CSP and SRI with HTML injection and DOM Clobbering.