tl;dr Directly accessing frame.html to bypass the removal of dangerous characters, and setting the window.name property to "iframe" so as not to get the "not loading the page in an iframe" error. Injecting a closing </title> tag to inject HTML into the body, and injecting <base href="our_domain"> to bypass CSP…
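Added example (not code from the original post) showing the defender's side of the three weaknesses the tl;dr relies on: output encoding so a reflected string cannot close the title element, a CSP check for the missing base-uri directive, and why a window.name comparison is not a framing check. Function names and the sample policies are assumptions for illustration.

```javascript
// Encode untrusted text for an HTML text context such as <title>.
// Once '<' is encoded, a "</title>" payload can no longer close the element,
// so nothing the attacker supplies reaches the body as markup.
function encodeForHtmlText(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the <title> element from untrusted input (e.g. a reflected parameter).
function renderTitle(untrusted) {
  return `<title>${encodeForHtmlText(untrusted)}</title>`;
}

// Parse a Content-Security-Policy header value into a directive map.
function parseCsp(header) {
  const out = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) out[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return out;
}

// base-uri does NOT fall back to default-src. A policy that allows scripts
// only from 'self' but sets no base-uri can be undermined by an injected
// <base href>, because relative script URLs then resolve against the
// attacker's origin. Report whether the policy pins the document base URL.
function cspPinsBaseUri(header) {
  const v = parseCsp(header)["base-uri"];
  if (!v || v.length === 0) return false;
  return v.every((src) => src === "'self'" || src === "'none'");
}

// window.name is writable by whoever opens or embeds the page, so comparing
// it to "iframe" proves nothing about framing. Compare the window to its top
// instead, and enforce embedding with frame-ancestors / X-Frame-Options.
function isFramed(win) {
  return win.self !== win.top;
}

// Constructed sample policies (assumed, not taken from the post).
const WEAK_CSP = "default-src 'self'; script-src 'self'";
const HARDENED_CSP = "default-src 'self'; script-src 'self'; base-uri 'self'";
```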