I am trying to make a bookmarklet that shows my password when clicked before I log in on Discord. I am running the JavaScript locally from another file called bookmarklet.js. The script will not run because I am getting the error:

Refused to load the script 'http://localhost:8888/bookmarklet.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-NjgsOTIsMjAxLDk5LDEyOSwyMzAsMTI3LDU0

What does this mean? Is there a way to have discord load my script?

Swimmer97
    Does this answer your question? [Refused to load the script because it violates the following Content Security Policy directive](https://stackoverflow.com/questions/31211359/refused-to-load-the-script-because-it-violates-the-following-content-security-po) – nathan liang Mar 25 '22 at 03:15

1 Answer

Since Discord and almost every site use CORS to protect from (self) XSS attacks, you definitely can't run code from a bookmarklet, since, as you can see, http://localhost:8888 is not the same as https://discord.com. Therefore, if you really want to run JS code, you can try either of these two methods:

  1. Write javascript:<your JS code, in one line, lines separated by ";" of course> in your address bar and press Enter; it will run that JS code. Works on (maybe almost) every browser, including mobile! You still need to save the code somewhere, preferably on desktop.

  2. Save the code as a txt or js file on your desktop, and open it every time and copy and paste the code into your dev tools console.

Also do note, if you're planning to use your account for self-bot purposes, it's against Discord's ToS, and my answer was only for educational purposes.

Ren Hiyama
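The error quoted in the question is raised by the page's Content Security Policy `script-src` directive. As an added example (not part of the original posts and not Discord's code), this simplified matcher shows how an external script URL is checked against that directive; the function names are hypothetical, and the policy string, nonce placeholder and `cdn.example.com` host are constructed.

```javascript
// Simplified CSP matching for external script URLs.
// Ignores paths, redirects, 'strict-dynamic' and script-src-elem.
function parseDirective(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null; // directive not present in the policy
}

const defaultPort = (protocol) =>
  protocol === "https:" ? "443" : protocol === "http:" ? "80" : "";

function sourceMatches(source, url, page) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === page.origin;
  // 'unsafe-inline', 'unsafe-eval', nonces and hashes never match a bare URL.
  if (s.startsWith("'")) return false;
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const wantScheme = scheme ? scheme + ":" : page.protocol;
  if (url.protocol !== wantScheme) return false;
  const hostOk = host.startsWith("*.")
    ? url.hostname.endsWith(host.slice(1))
    : url.hostname === host;
  if (!hostOk) return false;
  const urlPort = url.port || defaultPort(url.protocol);
  return port === "*" || urlPort === (port || defaultPort(wantScheme));
}

function scriptUrlAllowed(policy, scriptUrl, pageUrl) {
  const sources =
    parseDirective(policy, "script-src") ?? parseDirective(policy, "default-src");
  if (sources === null) return true; // no governing directive: not restricted
  const page = new URL(pageUrl);
  const url = new URL(scriptUrl, page);
  return sources.some((src) => sourceMatches(src, url, page));
}

// Constructed policy modelled on the visible part of the error message.
// The nonce and CDN host are placeholders, not Discord's real values.
const POLICY =
  "script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-PLACEHOLDER' https://cdn.example.com";
const PAGE = "https://discord.com/login";
console.log(scriptUrlAllowed(POLICY, "http://localhost:8888/bookmarklet.js", PAGE)); // false
console.log(scriptUrlAllowed(POLICY, "/assets/app.js", PAGE)); // true
```

The keyword sources in the directive govern inline script and `eval`, so none of them matches a script fetched from another origin; only `'self'` or an explicit host or scheme source can.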