Is There a Security Content Security Policy in JavaScript?

Security content security policy (CSP) has limited the ability of JavaScript to access external web pages and therefore defeated most bookmarklets. Sometimes you have to do a little security bypassing to get local scripts to run. But by hosting them on HTTPS servers and loading them if they if they load remote code and you do it over HTTPS, you can sometimes work around. Some sites won't allow cross site execution of JavaScript. So they can't eat the pager on won't allow you to load an external JavaScript.