How I Bypassed YouTube Music’s CSP to Stop Those Annoying "Video Paused" Popups

ERAY ŞENGÜL — Fri, 20 Feb 2026 14:37:34 +0000

Every YouTube Music user knows the struggle: you’re in the zone, working or gaming, and suddenly the music stops. A popup appears: "Video paused. Continue watching?" I got tired of this interruption, but I didn't want to install yet another heavy browser extension that asks for "access to all website data." So, I decided to build a lightweight, open-source bookmarklet: YTM Keep-Alive.

The Challenge: Bypassing CSP and TrustedHTML
Modern web applications like YouTube have extremely strict security policies. While building this, I hit two major walls:

Content Security Policy (CSP): Prevents scripts from executing unauthorized code.

TrustedHTML: Blocks the use of innerHTML, making most traditional scripts useless.

The Solution: Pure DOM Manipulation
Instead of fighting the security policies with innerHTML, I took a "native" approach. I built the entire UI and logic using pure DOM elements (document.createElement). By creating and appending elements directly to the document, the script bypasses TrustedHTML restrictions because it doesn't use any "unsafe" string-to-HTML conversions.

Key Features:

Zero Extensions: No background processes, no tracking.

100% Safe: Open-source code that only runs when you click it.

Draggable UI: A sleek dark-mode timer to show you it’s working.

How to Use It
Visit the Installation Page.

Drag the "YTM Keep-Alive 🎵" button to your bookmarks bar.

Click it whenever you’re on YouTube Music.

Conclusion & Open Source
This is my very first open-source project, and I’ve learned a lot about browser security and DOM manipulation during the process. I’d love for you to check out the code, star the repo, or even contribute!

GitHub Repository: https://github.com/erysngl/ytm-keep-alive

DEV Community: ERAY ŞENGÜL

How I Bypassed YouTube Music’s CSP to Stop Those Annoying "Video Paused" Popups