Hello. I don't know if anyone else has brought this up. My searching didn't bring up any duplicates, anyhow. As a recent convert to GNU IceCat, I've noticed that when LibreJS recognizes a magnet link to a license on an inline script, it dynamically inserts a JavaScript comment to the top that says "LibreJS: script accepted". The problem is if the site's Content Security Policy only whitelists one or more inline scripts to prevent XSS attacks, this causes the checksum to fail and the script to be blocked by the CSP, leaving a webmaster with the decision to make the site either secure or free. Is it possible to move the "script accepted" message elsewhere? Maybe a console.log if WebExtensions allow for that without inserting it into the site's code, or an HTML comment above the script tag perhaps.
Thank you
pgpJcVGj1Xe5V.pgp
Description: OpenPGP digital signature
