Text this: Mitigating cross-site scripting attacks with a content security Policy