From d6b5adf414c395926edc27c3bc1ed9b675e4924e Mon Sep 17 00:00:00 2001
From: Boik <qazbnm456@gmail.com>
Date: Thu, 19 Jul 2018 10:40:59 -0700
Subject: [PATCH] add an article

---
 README-jp.md | 1 +
 README-zh.md | 1 +
 README.md    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/README-jp.md b/README-jp.md
index 6819445..98bbd23 100644
--- a/README-jp.md
+++ b/README-jp.md
@@ -251,6 +251,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [CSP: bypassing form-action with reflected XSS](https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/) - Written by [Detectify Labs](https://labs.detectify.com/).
 - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/).
 - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/).
+- [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/).
 
 <a name="evasions-waf"></a>
 ### WAF
diff --git a/README-zh.md b/README-zh.md
index 3823ea7..4e8e6c8 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -272,6 +272,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [CSP: bypassing form-action with reflected XSS](https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/) - Written by [Detectify Labs](https://labs.detectify.com/).
 - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/).
 - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/).
+- [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/).
 
 <a name="evasions-waf"></a>
 ### WAF
diff --git a/README.md b/README.md
index 263ffda..4e95941 100644
--- a/README.md
+++ b/README.md
@@ -248,6 +248,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [CSP: bypassing form-action with reflected XSS](https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/) - Written by [Detectify Labs](https://labs.detectify.com/).
 - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/).
 - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/).
+- [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/).
 
 <a name="evasions-waf"></a>
 ### WAF