[Feature] @inject-into #681
Description
Feature Description
Please clearly describe the feature you want:
跟VM一样的 @inject-into
可以不是插在World
如果ScriptCat没有CSP插入问题,可无视 @inject-into auto
(VM的话,如果因为CSP问题不能插在World,auto会插在content)
预期不会有 TrustedTypes 问题
在 https://benjamin-philipp.com/test-trusted-types.php?defaultPolicy=false 也可以用 jQuery
当然这只是 bonus. 不行也可以。因为TM也没做特殊处理
因此不需要一个meta 去修改 TrustedTypes 行为,而是建议开发者改用 @inject-into content
如果 @inject-into content 也无法突破 TrustedTypes 问题,就跟现在TM一样的做法:什麼都不做
Use Case
In what situations is this feature needed? (e.g., when processing specific websites, improving operational efficiency, etc.)
真沙盒
don't need to access any JavaScript object from page context.
(unsafeWindow.jQuery becomes inaccessible)
But they can communicate with DOM APIs such as addEventListener.
Additional Information
(Optional) Supplementary screenshots, sample code, or other reference information