Content Security Policy
I am Trying to make a hack-proof game. I am trying to allow inline and eval scripts, but no other scripts (like bookmarklets) can be run. Does anyone know how to do that only using meta tags?
For a single-player browser game, this just isn't going to happen.
Trying to stop people from running scripts at all isn't possible, anyone can just open inspect element and run code with the console.
I myself have found leaderboards on repl talk that didn't or couldn't validate anything, so you could just say you had infinite money or anything like that and it would happen.
You can make it really annoying to open inspect element with a bunch of debugger statements being spammed and redirecting, but you won't be able to stop anyone that really tries.