Weaponized Google OAuth Triggers Malicious WebSocket (opens in new tab)

This looks interesting, This trick is good for hiding the bad code and to bypass the CSP.