CSP: Bookmarklets should bypass pages' policies (2013 → Infeasible 2026) | Dark Hacker News