There are tricks, however.
Project documentation is in docs/.。PDF资料对此有专业解读
FT Videos & Podcasts。关于这个话题,heLLoword翻译官方下载提供了深入分析
Name: H&V Server
I believe basically all of these escapes could be avoided by having a stricter CSP from the start. I didn't know you can specify a folder for the allowed scripts, and thought it only supported domains. Some mistakes were made, but it was quite fun to see all the creative escapes people did.