Emit Jelly file inside <script> tags

[daniel-beck]

Proof of concept quality: This currently makes empty-bodied <script> tags into CSP violations (see View/index.jelly).

WDYT? Worth pursuing?

Testing done

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[Wadeck]

FTR from Daniel in Gitter:

It's a bit (very) limited given we're restricted to just 40 chars in Firefox at least, but perhaps this might end up useful?

[Wadeck]

nit suggestion: use //xxx instead of /*...*/ to save 2 characters as we seem to be lacking space

Daniel found the spec: https://www.w3.org/TR/CSP3/#violation-sample

A violation’s sample will be populated with the first 40 characters of an inline script, event handler, or style that caused an violation. Violations which stem from an external file will not include a sample in the violation report.

[daniel-beck]

save 2 characters as we seem to be lacking space

Seems less safe to do to me.

Also FTR I will need to confirm it's fine to not have //<![CDATA[ at the start of a block like this.