[Bug] Injecting script tag blocked by Hacker News content security policy

[joshuaavalon]

As title.

Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/".

A simple fix is to use @require instead of injecting script tag.

...
// @include           https://news.ycombinator.com*
// @require        https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
// @grant             none
...
start();