I have a bookmarklet script but in some browsers (for example firefox) it cannot be executed on pages with a certain content security policy (it does not depend on the script itself, firefox just won't execute any part of the script at all on these pages). So is there any way to have some kind of fallback routine when firefox or other browsers block the script, maybe in a way that a certain url is opened without js?
Edit: Mozilla doesn't seem to be interested in the CSP Level 3 guidelines (§ 9.1):
Policy enforced on a resource SHOULD NOT interfere with the operation of user-agent features like addons, extensions, or bookmarklets. These kinds of features generally advance the user’s priority over page authors, as espoused in [HTML-DESIGN].
No.
A bookmarklet is a JS URL. While you might put other kinds of data inside it, it starts out as JS, so if a security policy blocks it, then it blocks the whole thing.