Circumventing CSP Restrictions to Exfil Data from an XSS Foothold Exfiltrate sensitive data from XSS contexts via Cross-Document Messaging