Bypassing strict CSP by abusing WebRTC

 web, csp

I noticed recently that there was a PR in the w3c github organisation on both the webappsec-csp and webrtc-pc specification repos adding a new webrtc-src repo. The PR in question: