Hello team,
We would like to clarify something around content scripts/script injection and migration to Manifest v3.
Our extension is highly dependent on the script injection timing. We want to inject a script into the page before anything else loads.
With Manifest V2 we were achieving this by:
1. Having a content script to load at "document_start".
2. In the content script we inject a script to run on the main world, as follows
```
const scriptString = 'function runAtStart () { console.log('our code...'); }';
const script = document.createElement('script');
script.appendChild(document.createTextNode(scriptString));
(document.body || document.head || document.documentElement).appendChild(script);
```
We are aware that this is no longer possible with Manifest V3 as it violates the new CSP.
(We get the following: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".)
We've noticed that with Manifest V3 however is possible to refactor into the following strategy:
1. Having a content script to load at "document_start" (as in Manifest V2, no change here)
2. Move our "string of javascript" to a separate file (let's call it runAtStart.js)
3. Declare the new script in the web_accessible_resources
```
"web_accessible_resources": [
{
"resources": ["runAtStart.js"],
"matches": ["<all_urls>"],
"use_dynamic_url": true
}
]
```
4. In our content script we create a dynamic script to inject runAtStart.js
```
const s = document.createElement('script');
s.setAttribute('src', 'chrome-extension://<id_of_the_extension>/runAtStart.js');
document.documentElement.appendChild(s);
```
Is this a future proof implementation? Would this be rejected upon review? Or will this capability be restricted in further iterations of the Manifest V3? If this is the way to go now, should I advocate for this strategy?
Thank you!