The what and why, and how to do it right:
https://developer.chrome.com/extensions/contentSecurityPolicy#JSExecution

Offending:
Mostly onclick/onchange handlers as far as I can tell, nice work!

            <select id="vendorselect"
                    onchange="firmwarewizard.setSearchQuery(this.value); scrollDown();"></select>

Verify against

• https://securityheaders.io/?q=firmware.darmstadt.freifunk.net&hide=on&followRedirects=on
• https://report-uri.io/home/analyse
• https://csp-evaluator.withgoogle.com/

"It does, however, require you to write your code with a clean separation between content and behavior"

Nagut. War ich bisher zugegebenermaßen einfach zu faul zu, das zu mal zu fixen. ^^