Hello Jakub,

> it doesn't work before of Content Security Policy. But it works on
> SRFI that are simple HTML files without any extra protection.

I see neither a CSP meta tag nor CSP HTTP header. Maybe you removed it?

> Any reason why this Content Policy was added?

It's a security barrier, sort of like a firewall. The idea is to stop
any non-whitelisted JavaScript code from running, thereby preventing XSS
attacks.

You can use https://csp-evaluator.withgoogle.com/ to dissect a CSP
configuration. To add support for LIPS it should be sufficient to
add/extend the `script-src` part with a URL pointing to the LIPS
sources.

> It would be cool to have this REPL on every page on new website, or at
> least that it works there. My Bookmark only use cdn.jsdelivr.net
> domain to get the JavaScript files. You should try it.

What new website? I can help out with getting pesky security stuff
working...

Vasilij