This is a duplication I have from stackoverflow: http://stackoverflow.com/questions/12561759/chrome-extension-writing-content-into-a-dynamic-iframe-created-in-a-sandboxed-------------------
I have this application that uses ExtJS library that I will need to run in Chrome extension. I have successfully created my messaging bridge (
postMessage
), and sandbox'ed the whole application in it, and everything works as usual. ExtJS loaded, application is running.Then I have this piece of logic where I need to preview a piece of HTML snippets in my ExtJS viewport. I created an
iframe
in thePanel
itself and onafterrender
I tried to write the snippet in it. Of the code I use:html: '<iframe src="about:blank" style="width:100%;height:100%;border:none;"></iframe>';
......
//p is the panel found in afterrender
p.body.down('iframe').dom.contentDocument.write(content);Then the error:
Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL chrome-extension://fcnpmlgapilgclcelfanblpbglmkghbc/core/themes/default/app.html. Domains, protocols and ports must match.
I have tried with
postMessage
within sandbox to this dynamic iframe but nothing happens. Setting thesandbox
attribute in manifest doesn't work either.Question:
- How should one set the manifest to support this kind of use case?
- Or is there any better way to preview HTML snippet without using an iframe? Afaik previewing with iframe is the best as it sandboxed the snippet without being messed with parent css.
Note
This piece of code was working fine in manifest v1 but I planned to migrate it to manifest v2. I didn't realize Content Security Policy (CSP) has became that strict.
Screen:
Attached is the draft of what I'm trying to do now. I wanted to write some content into the dynamically created iframe inside my sandbox environment without success. The iframe was loaded with "about:blank" btw. Correct way to do it?