How to run injected scripts with strict Content Security Policy (CSP) headers enabled, without compromising on security.