search

theCrius / tildes-extended

Extension for Chrome and Firefox to enhance the UX/UI of https://tildes.net
ISC License
14 stars 5 forks source link

Find ways to deal with CSP in Mozilla Firefox #17

Open theCrius opened 6 years ago

theCrius commented 6 years ago

As the time of writing, Firefox has some unresolved issues with how plugins deal with injected CSS/JS into a page.

My personal vision is to not inject <script> at all but sometimes a <style> tag is unavoidable.

There must be a way of dealing with the CSP rules in an healthy way but right now I see lots of plugins having issue with it ( [tamper/violent/whatever]monkey being one of them ).

This is more of an investigation issue than anything else as the solution, optimistically, is just to configure properly the manifest.json.

theCrius commented 6 years ago

https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/content_security_policy

CSP unsafe_inline is disabled, even for