This is unarguably a popular use case, used by every userscript managers and many API blockers.
Now that manifest v3 has become a thing, I'm researching how this document_start userland injection can be done in this setting. However, non of the methods seems to be working.
- Attaching a script tag containing JS code as `textContent`
- Attaching a script tag with 'src' attribute set to a Blob URL
Both approach fails due to the `script-src: self` CSP. I am not sure whether this behavior with Blob URL is even complying to the spec.
As I glimpsed over this group, it seems that a recommended approach is to create a script tag with `src` pointing to a `web_accessible_resources`, but when this approach is used, page's inline scripts are executed first, so it is not a `document_start` injection.
I've read about the new `chrome.scripting` API but it seems to be only concerning about injection into an isolated world.
So, is it a state of V3 now, that there is no way to inject JS to userland at document_start? I thought Tampermonkey depends on this functionality. TM author states here https://github.com/Tampermonkey/tampermonkey/issues/644#issuecomment-742680842
that he is in contact with the Chromium devs and TM will continue to work. Am I missing something, or is that Chromium devs have told TM dev about some upcoming new APIs that will make this possible?