WOW. Some next level chaining by @joaxcar for this CSP bypass in GitHub!
Drag and drop triggers HTML injection which injects a form which triggers a hash change which triggers a button click which injects more and triggers another click gadget which triggers a hash change again which finally triggers button click to submit the form.
