On Thu, 19 Jan 2023 19:50:17 +0000
Magnus Ahltorp <xxxxxx@kth.se> wrote:
> And I definitely don't understand why a bookmarklet wouldn't work in this
> case, that's user configuration, not cross site functionality.
Most used CSP feature is blocking scripts, and allow to load only script
from same domain (or listed domains), so you can't load 3rd party script with:
<script src=""/>
you can only have bookmark that use code inside the bookmark itself, which is
not very useful. No other libraries. It throw error when I try to load
jQuery.
Another usually blocking eval (scheme.org also block this), try to execute:
eval('alert("x")')
on the page.
--
Jakub T. Jankiewicz, Senior Front-End Developer
https://jcubic.pl/me