Does Content Security Policy block bookmarklets?

Question

Does Mozillas CSP block to execute Javascript from a bookmark by default?

Can it be configured to do so?

Answer 1

The behavior is specified in mozillas wiki.

CSP should not interfere with the operation of user-supplied scripts (such as browser add-ons and bookmarklets).

Have a look here: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations