Fix CSP violation by removing inline onclick event handler

- Remove inline onclick='window.open(...)' from PayPal button in popup.html
- Add proper event listener in popup.js using addEventListener
- Fix Content Security Policy violation that was blocking inline event handlers
- Maintain same functionality while complying with Chrome extension CSP requirements
- Use 'self' CSP policy which only allows scripts from the extension itself

popup.html

@@ -120,7 +120,7 @@
     </div>
 
     <div style="margin-bottom: 6px;">
-      <button onclick="window.open('https://www.paypal.com/donate?business=info@nexlab.net', '_blank')" style="background: linear-gradient(45deg, #0070ba, #003087); color: white; border: none; padding: 4px 8px; border-radius: 4px; font-size: 10px; cursor: pointer; margin-bottom: 4px;">
+      <button id="paypal-donate-btn" style="background: linear-gradient(45deg, #0070ba, #003087); color: white; border: none; padding: 4px 8px; border-radius: 4px; font-size: 10px; cursor: pointer; margin-bottom: 4px;">
         💳 Donate with PayPal
       </button>
       <div style="font-size: 9px; color: #666;">info@nexlab.net</div>

popup.js

@@ -523,6 +523,14 @@ document.addEventListener('DOMContentLoaded', function() {
       web3DonateBtn.textContent = '🦊 Donate with MetaMask';
     }
   });
+
+  // PayPal donation button event listener
+  const paypalBtn = document.getElementById('paypal-donate-btn');
+  if (paypalBtn) {
+    paypalBtn.addEventListener('click', function() {
+      window.open('https://www.paypal.com/donate?business=info@nexlab.net', '_blank');
+    });
+  }
 });
 
 // Function to find and click the next link