In a manifest V2 extension content script, the following worked fine:
var script = document.createElement('script');
script.textContent = 'console.log("hello")';
document.head.appendChild(script);
document.head.removeChild(script);
In manifest V3, it now throws the following error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*" ...
Yes, there are a lot of answers to this already, but none I could find are acceptable in my case. I HAVE to be able to inject custom code. The point of this extension is to allow user-injected code. Therefore, "just use a separate file" cannot work.
What options do I have?
EDIT: This would not be an issue if the Chrome WebStore didn't stop allowing new MV2 extensions.