CCSP: Controlled relaxation of content security policies by runtime policy composition