PSA: If your browser extension modifies the DOM & adds markup with inline event handlers (onclick), your code is bad and you should feel bad
So ideally, yes, the browser should know what was added by an extension and not subject it to the page's CSP policy.
-
But in practice it doesn't work, so extension-added markup with JS event handlers will break both the extn & the page.
-
Pretty broad reading of the W3 spec. Are extensions authors, implementors, specifiers or theoretically pure?
-
Extensions are users because they modify the UA to behave according to the user's wishes.
-
I don't know
@arturjanc... "user's wishes" are more nuanced and include not making pages they surf vulnerable to XSS via injected code.