Using strict CSP you can block the background-image requests, which would be the malicious domain/api of the attacker. Using strict csp directives you can block these requests, that's how we're doing it at my current job
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
CSP is useful, but I don't think it is for this case as the initial resource and hack are loaded from the same domain.
Wouldn't it be more useful to add an integrity check to make sure the file is not updated? Do link nodes support the integrity attribute?
Using strict CSP you can block the background-image requests, which would be the malicious domain/api of the attacker. Using strict csp directives you can block these requests, that's how we're doing it at my current job