CSP-bypass XSS in project settings page