Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home for chromium.org
« Groups Home
Chromium-extensions
Message from discussion Unsafe Javascript atemp into iframe in chrome extension

View parsed - Show only message text

Received: by 10.152.102.237 with SMTP id fr13mr362036lab.7.1349712683994;
        Mon, 08 Oct 2012 09:11:23 -0700 (PDT)
X-BeenThere: chromium-extensi...@chromium.org
Received: by 10.152.122.71 with SMTP id lq7ls428867lab.0.gmail; Mon, 08 Oct
 2012 09:11:14 -0700 (PDT)
Received: by 10.152.108.42 with SMTP id hh10mr3658053lab.4.1349712674434;
        Mon, 08 Oct 2012 09:11:14 -0700 (PDT)
Received: by 10.152.108.42 with SMTP id hh10mr3658051lab.4.1349712674412;
        Mon, 08 Oct 2012 09:11:14 -0700 (PDT)
Return-Path: <alary....@gmail.com>
Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179])
        by mx.google.com with ESMTPS id tp6si12049506lab.9.2012.10.08.09.11.13
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 08 Oct 2012 09:11:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of alary....@gmail.com designates 209.85.217.179 as permitted sender) client-ip=209.85.217.179;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of alary....@gmail.com designates 209.85.217.179 as permitted sender) smtp.mail=alary....@gmail.com; dkim=pass header...@gmail.com
Received: by mail-lb0-f179.google.com with SMTP id c1so3326478lbg.24
        for <chromium-extensi...@chromium.org>; Mon, 08 Oct 2012 09:11:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=cRvUzqUqdZOFfQk73jTHNS9OGBtY8edCKFPOBQit/aU=;
        b=ImRS3lRL2DB9hQ1aFWsj01apaVvtAbulbQJkoilbd21DGVMa2harPQMbSjeiVrJEDR
         D+ifLT5mVseFXg8+EWIqmckr8GzqznAQLW79kR1GPxl/MsO4HZ3xv09weLUNzK4KoZ4Y
         Qj4y0slc7nMcK9UK2x6RJ6sPYwOIKhe0Yyp0O8Tc1eRSCboqQqg07RhgfVZ81sdB/Avb
         hEgVo/kcOrIo3GM2DZu2fI6oWrFBJYEtZQvu+eXXRWQ4z25VZgM2ldjt1T5ruAU5vaQ6
         XQw0saaHSNY+Cf4SaNo6GkChJn1FAzfZSQe8pSlYpGWyhQPYg+OfnZlex3dzJdSkcvvS
         OoOg==
MIME-Version: 1.0
Received: by 10.112.30.131 with SMTP id s3mr3066813lbh.124.1349712673218; Mon,
 08 Oct 2012 09:11:13 -0700 (PDT)
Received: by 10.152.135.14 with HTTP; Mon, 8 Oct 2012 09:11:13 -0700 (PDT)
In-Reply-To: <CAFAtnWzJKzyv7i_y4a4V+e61A5CLx+mZ7D9=w09GkvY6kfP...@mail.gmail.com>
References: <a7b3b18b-d7dd-4451-8429-8c91894de...@chromium.org>
	<CAFAtnWzJKzyv7i_y4a4V+e61A5CLx+mZ7D9=w09GkvY6kfP...@mail.gmail.com>
Date: Mon, 8 Oct 2012 18:11:13 +0200
Message-ID: <CAEa-35U-L=k2p4+gZvRTRz+2Co-1KLu617Mhwo_Rdv2Nj1t...@mail.gmail.com>
Subject: Re: [crx] Unsafe Javascript atemp into iframe in chrome extension
From: Julien Alary <alary....@gmail.com>
To: John J Barton <johnjbar...@johnjbarton.com>
Cc: chromium-extensi...@chromium.org
Content-Type: multipart/alternative; boundary=f46d04016acd6fa18f04cb8e780e

--f46d04016acd6fa18f04cb8e780e
Content-Type: text/plain; charset=ISO-8859-1

Yes it seems to be my problem...

2012/10/8 John J Barton <johnjbar...@johnjbarton.com>

> How are you trying to communicate between cache.html and
> sandboxed.html. The only allowed methods use .postMessage().
> jjb
>
> On Mon, Oct 8, 2012 at 3:25 AM, Julien Alary <alary....@gmail.com> wrote:
> > Hi extension developpers,
> >
> > I have big issues with inline javascript and new manifesto v2.
> > First, I tried to change few things in my add-on, I got these errors:
> > Refused to execute inline script because it violates the following
> Content
> > Security Policy directive: "script-src 'self'
> chrome-extension-resource:".
> > background.html:1
> > Refused to execute JavaScript URL because it violates the following
> Content
> > Security Policy directive: "script-src 'self'
> chrome-extension-resource:".
> > about:blank:1
> > 2Refused to execute inline script because it violates the following
> Content
> > Security Policy directive: "script-src 'self'
> chrome-extension-resource:".
> > DCE24DB153A80B735442BF97F168AE6C.cache.html:1
> > Refused to execute inline script because it violates the following
> Content
> > Security Policy directive: "script-src 'self'
> chrome-extension-resource:".
> >
> > Then, I read most of  documentation about new CSP. I tried to adapt my
> > add-on to "sandbox mode", without any success as I have new errors... :(
> >
> > Unsafe JavaScript attempt to access frame with URL
> >
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> > from frame with URL
> >
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> > Domains, protocols and ports must match.
> > DCE24DB153A80B735442BF97F168AE6C.cache.html:1
> >
> > Unsafe JavaScript attempt to access frame with URL
> >
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/sandboxed.html
> > from frame with URL
> >
> chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/DCE24DB153A80B735442BF97F168AE6C.cache.html.
> > Domains, protocols and ports must match.
> >
> >
> > Can you help me on this? I'll send you both add-on files if you prefer!
> >
> > Thanks a lot!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.
> > To view this discussion on the web visit
> >
> https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/RBs2ybSfDAUJ
> .
> > To post to this group, send email to chromium-extensi...@chromium.org.
> > To unsubscribe from this group, send email to
> > chromium-extensions+unsubscr...@chromium.org.
> > For more options, visit this group at
> > http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en
> .
>

--f46d04016acd6fa18f04cb8e780e
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Yes it seems to be my problem...<br><br><div class=3D"gmail_quote">2012/10/=
8 John J Barton <span dir=3D"ltr">&lt;<a href=3D"mailto:johnjbarton@johnjba=
rton.com" target=3D"_blank">johnjbar...@johnjbarton.com</a>&gt;</span><br><=
blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px=
 #ccc solid;padding-left:1ex">
How are you trying to communicate between cache.html and<br>
sandboxed.html. The only allowed methods use .postMessage().<br>
jjb<br>
<br>
On Mon, Oct 8, 2012 at 3:25 AM, Julien Alary &lt;<a href=3D"mailto:alary.ju=
l...@gmail.com">alary....@gmail.com</a>&gt; wrote:<br>
&gt; Hi extension developpers,<br>
&gt;<br>
&gt; I have big issues with inline javascript and new manifesto v2.<br>
&gt; First, I tried to change few things in my add-on, I got these errors:<=
br>
&gt; Refused to execute inline script because it violates the following Con=
tent<br>
&gt; Security Policy directive: &quot;script-src &#39;self&#39; chrome-exte=
nsion-resource:&quot;.<br>
&gt; background.html:1<br>
&gt; Refused to execute JavaScript URL because it violates the following Co=
ntent<br>
&gt; Security Policy directive: &quot;script-src &#39;self&#39; chrome-exte=
nsion-resource:&quot;.<br>
&gt; about:blank:1<br>
&gt; 2Refused to execute inline script because it violates the following Co=
ntent<br>
&gt; Security Policy directive: &quot;script-src &#39;self&#39; chrome-exte=
nsion-resource:&quot;.<br>
&gt; DCE24DB153A80B735442BF97F168AE6C.cache.html:1<br>
&gt; Refused to execute inline script because it violates the following Con=
tent<br>
&gt; Security Policy directive: &quot;script-src &#39;self&#39; chrome-exte=
nsion-resource:&quot;.<br>
&gt;<br>
&gt; Then, I read most of =A0documentation about new CSP. I tried to adapt =
my<br>
&gt; add-on to &quot;sandbox mode&quot;, without any success as I have new =
errors... :(<br>
&gt;<br>
&gt; Unsafe JavaScript attempt to access frame with URL<br>
&gt; chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/=
sandboxed.html<br>
&gt; from frame with URL<br>
&gt; chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/=
DCE24DB153A80B735442BF97F168AE6C.cache.html.<br>
&gt; Domains, protocols and ports must match.<br>
&gt; DCE24DB153A80B735442BF97F168AE6C.cache.html:1<br>
&gt;<br>
&gt; Unsafe JavaScript attempt to access frame with URL<br>
&gt; chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/=
sandboxed.html<br>
&gt; from frame with URL<br>
&gt; chrome-extension://kmcaojajmlheapgpbdpeejkchoeaaena/module/background/=
DCE24DB153A80B735442BF97F168AE6C.cache.html.<br>
&gt; Domains, protocols and ports must match.<br>
&gt;<br>
&gt;<br>
&gt; Can you help me on this? I&#39;ll send you both add-on files if you pr=
efer!<br>
&gt;<br>
&gt; Thanks a lot!<br>
<span class=3D"HOEnZb"><font color=3D"#888888">&gt;<br>
&gt; --<br>
&gt; You received this message because you are subscribed to the Google Gro=
ups<br>
&gt; &quot;Chromium-extensions&quot; group.<br>
&gt; To view this discussion on the web visit<br>
&gt; <a href=3D"https://groups.google.com/a/chromium.org/d/msg/chromium-ext=
ensions/-/RBs2ybSfDAUJ" target=3D"_blank">https://groups.google.com/a/chrom=
ium.org/d/msg/chromium-extensions/-/RBs2ybSfDAUJ</a>.<br>
&gt; To post to this group, send email to <a href=3D"mailto:chromium-extens=
i...@chromium.org">chromium-extensi...@chromium.org</a>.<br>
&gt; To unsubscribe from this group, send email to<br>
&gt; <a href=3D"mailto:chromium-extensions%2Bunsubscr...@chromium.org">chro=
mium-extensions+unsubscr...@chromium.org</a>.<br>
&gt; For more options, visit this group at<br>
&gt; <a href=3D"http://groups.google.com/a/chromium.org/group/chromium-exte=
nsions/?hl=3Den" target=3D"_blank">http://groups.google.com/a/chromium.org/=
group/chromium-extensions/?hl=3Den</a>.<br>
</font></span></blockquote></div><br>

--f46d04016acd6fa18f04cb8e780e--

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google