3 comments · 0 reactions · 0 assignees · JavaScript · 3,797 stars · 144 forks
batch import
help wanted
Description
Hi! Are you aware that your bookmarklet doesn't work with CSP implemented?
Ask if you need some help on that...
Contributor guide
- Tech stack: javascript
- Domain: frontend, security
- Issue type: bug
- Difficulty (estimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work): 3
- Estimated time (a rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request): 1-3 hours
- Activity status (how available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input): stale
- Clarity (how clearly the issue explains the expected change, acceptance criteria, and next step): mostly clear
- Prerequisites: CSP basics, JavaScript
- Newbie friendliness (a 1-100 score estimating how approachable this issue is for first-time contributors): 30
- Research direction
- The issue is about making the perfmap bookmarklet work on pages that set a Content Security Policy (CSP). First, review the bookmarklet code in the repository to understand how it injects scripts. Then, research how CSP blocks inline scripts and external resources. Perfmap likely uses inline JavaScript, which CSP blocks by default. Possible solutions include using a nonce or hash, or building the bookmarklet to be CSP compliant. Check the comments on the issue for any previous discussion. The fix may involve modifying the bookmarklet generation script to include CSP attributes.
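
To make the research step concrete, the following added example (not code from the perfmap repository) evaluates a page's CSP header and reports whether an injected inline script, or an external script added with `document.createElement`, would be permitted. The function names, the sample policy and the `*.example` URLs are assumptions made for illustration, and matching is simplified (no path or port checks).

```javascript
// Added example: simplified CSP check for <script> elements (no path/port matching).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    // Lowercased for matching only; nonce and hash values are not compared here.
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Fallback chain for script elements: script-src-elem, script-src, default-src.
function scriptSources(policy) {
  for (const d of ['script-src-elem', 'script-src', 'default-src']) {
    if (policy.has(d)) return policy.get(d);
  }
  return null; // no governing directive: scripts are unrestricted
}

// Inline <script> without a matching nonce or hash (what an injected snippet would be).
function inlineScriptAllowed(policy) {
  const src = scriptSources(policy);
  if (src === null) return true;
  // 'unsafe-inline' is ignored once a nonce, hash or 'strict-dynamic' is listed.
  if (src.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s))) return false;
  return src.includes("'unsafe-inline'");
}

// External script added via document.createElement (not parser-inserted).
function externalScriptAllowed(policy, scriptUrl, pageOrigin) {
  const src = scriptSources(policy);
  if (src === null) return true;
  // 'strict-dynamic' ignores host allowlists and admits non-parser-inserted scripts.
  if (src.includes("'strict-dynamic'")) return true;
  const url = new URL(scriptUrl);
  return src.some((s) => {
    if (s === "'self'") return url.origin === pageOrigin;
    if (s === '*') return ['http:', 'https:'].includes(url.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
    if (s.startsWith("'")) return false; // other keywords, nonces, hashes
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m || (m[1] && m[1] + ':' !== url.protocol)) return false;
    return m[2].startsWith('*.') ? url.hostname.endsWith(m[2].slice(1)) : url.hostname === m[2];
  });
}

// Constructed sample policy and placeholder URLs (not taken from the perfmap project).
const samplePolicy = parseCsp("default-src 'self'; script-src 'self' https://cdn.example.com");
console.log({
  inline: inlineScriptAllowed(samplePolicy),
  external: externalScriptAllowed(samplePolicy, 'https://bookmarklet-host.example/perfmap.js', 'https://site.example'),
});
```

Running the same checks against the CSP headers of the sites where the bookmarklet fails shows which injection path, if any, the fix can rely on.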