Beating an event-handler blocklist and a strict CSP with an onfocus payload and a top-level navigation leak
