CSP: Bookmarklets should bypass pages' policies (2013 → Infeasible 2026) · HackerTrans