Re: [crx] Unsafe Javascript atemp into iframe in chrome extension
259 views
Skip to first unread message
John J Barton
Oct 8, 2012, 10:26:13 AM10/8/12
to Julien Alary, chromium-...@chromium.org
How are you trying to communicate between cache.html and
sandboxed.html. The only allowed methods use .postMessage().
jjb
On Mon, Oct 8, 2012 at 3:25 AM, Julien Alary <alar...@gmail.com> wrote:
> Hi extension developpers,
>
> I have big issues with inline javascript and new manifesto v2.
> First, I tried to change few things in my add-on, I got these errors:
> Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> background.html:1
> Refused to execute JavaScript URL because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> about:blank:1
> 2Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> DCE24DB153A80B735442BF97F168AE6C.cache.html:1
> Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
>
> Then, I read most of documentation about new CSP. I tried to adapt my
> add-on to "sandbox mode", without any success as I have new errors... :(
>
> Unsafe JavaScript attempt to access frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> from frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> Domains, protocols and ports must match.
> DCE24DB153A80B735442BF97F168AE6C.cache.html:1
>
> Unsafe JavaScript attempt to access frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> from frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> Domains, protocols and ports must match.
>
>
> Can you help me on this? I'll send you both add-on files if you prefer!
>
> Thanks a lot!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/RBs2ybSfDAUJ.
> To post to this group, send email to chromium-...@chromium.org.
> To unsubscribe from this group, send email to
> chromium-extens...@chromium.org.
> For more options, visit this group at
> http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
sandboxed.html. The only allowed methods use .postMessage().
jjb
On Mon, Oct 8, 2012 at 3:25 AM, Julien Alary <alar...@gmail.com> wrote:
> Hi extension developpers,
>
> I have big issues with inline javascript and new manifesto v2.
> First, I tried to change few things in my add-on, I got these errors:
> Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> background.html:1
> Refused to execute JavaScript URL because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> about:blank:1
> 2Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
> DCE24DB153A80B735442BF97F168AE6C.cache.html:1
> Refused to execute inline script because it violates the following Content
> Security Policy directive: "script-src 'self' chrome-extension-resource:".
>
> Then, I read most of documentation about new CSP. I tried to adapt my
> add-on to "sandbox mode", without any success as I have new errors... :(
>
> Unsafe JavaScript attempt to access frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> from frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> Domains, protocols and ports must match.
> DCE24DB153A80B735442BF97F168AE6C.cache.html:1
>
> Unsafe JavaScript attempt to access frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> from frame with URL
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> Domains, protocols and ports must match.
>
>
> Can you help me on this? I'll send you both add-on files if you prefer!
>
> Thanks a lot!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/RBs2ybSfDAUJ.
> To post to this group, send email to chromium-...@chromium.org.
> To unsubscribe from this group, send email to
> chromium-extens...@chromium.org.
> For more options, visit this group at
> http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
Julien Alary
Oct 8, 2012, 12:11:13 PM10/8/12
to John J Barton, chromium-...@chromium.org
Reply all
Reply to author
Forward
0 new messages