
Find ways to deal with CSP in Mozilla Firefox

Open theCrius opened this issue 6 years ago • 4 comments

At the time of writing, Firefox has some unresolved issues with how plugins deal with injected CSS/JS into a page.

My personal vision is to not inject <script> at all but sometimes a <style> tag is unavoidable.

There must be a way of dealing with the CSP rules in a healthy way but right now I see lots of plugins having issues with it ([tamper/violent/whatever]monkey being one of them).

This is more of an investigation issue than anything else as the solution, optimistically, is just to properly configure the manifest.json.

theCrius avatar Jun 12 '18 16:06 theCrius

https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/content_security_policy

CSP unsafe_inline is disabled, even for <STYLE>

theCrius avatar Jun 23 '18 23:06 theCrius

Bugzilla reference: https://bugzilla.mozilla.org/show_bug.cgi?id=1267027

theCrius avatar Jun 23 '18 23:06 theCrius

Another Bugzilla reference that led to the decision to suggest disabling CSP in Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1411641#c13

theCrius avatar Jun 23 '18 23:06 theCrius

contentScripts should be able to work around it. I'll try and see if I can find a way to integrate it this week... But contentScripts is only supported by Firefox, though it is from 59, and does work on Android too.

We'll see if it is worth it.

shakna-israel avatar Aug 28 '18 15:08 shakna-israel