Chrome APIs In Sandboxed Page

Vitanshu Sahu

May 23, 2022, 12:37:14 AM
to Chromium Extensions
Hello Everyone

I have the following issues on migration:-

1) My Chrome extension executes chrome.tabs.executeScript({'code':'JavaScript Code Inside String'}), which is allowed in V2. Direct code execution is not allowed in V3, and chrome.scripting.executeScript does not allow direct execution of code. It allows executing code inside a function or file. To execute that string code we have to use eval, which is not allowed.

2) To fix this issue we are using message passing and trying to execute the code in a sandboxed page, since inline script is allowed in a sandboxed page. But now the issue is that the code which we execute, present inside external files, is using APIs and many more Chrome APIs as well.
Since Chrome APIs are not accessible in the sandboxed page, we are now stuck here and unable to find any solution regarding this.

So I expect that you have some alternative for fixing this issue.

Cuyler Stuwe

May 23, 2022, 1:15:47 AM
to Vitanshu Sahu, Chromium Extensions
You haven’t made it clear why you think you need to evaluate arbitrary strings of JavaScript. Maybe you don’t need to. Wanna show some code, or elaborate further about what you’re trying to accomplish?


Vitanshu Sahu

May 23, 2022, 8:00:49 AM
to Chromium Extensions,, Chromium Extensions, Vitanshu Sahu, Gaurav Rathor

What my extension does is execute some user-written JavaScript. That means this script is different for each user. So this extension loads the JavaScript at runtime and executes this file's code as a string.
Suppose a user writes this JavaScript:

File Name: aBC.js (different for different users)

'use strict';
// Registers a per-user module object on window; init() is its entry point.
window.myldap_vitanshu = {
    init: function() {
        alert('My First Module: controller template init() function called');
    }
};

So what my extension does is load this file and execute this string.
But since direct code execution is now not allowed, we have to do it inside a function or file to register this variable in window.
But for this we have to use eval, which is not allowed.

If all things work fine, then the expected functionality is as follows:

Register the variable inside window.
Then call window.init(), whose functionality differs from user to user.

To fix this I have moved this code to a sandboxed page and execute an inline script, which is allowed in a sandboxed page.

But another user writes 

'use strict';
window.myldap_vitanshu = {
init: function() {'key_name')

The main problem is here, since sandboxed pages are not allowed to access Chrome APIs.
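
The message-passing arrangement described in this thread, as an added example that is not part of any post and not the poster's code: a broker in the extension page that embeds the sandboxed iframe forwards only allow-listed Chrome API calls on behalf of the user script. The message shape `{id, method, args}`, the `ALLOWED` list and the function names are assumptions made for illustration.

```javascript
// Added example (not from the thread). Runs in the extension page that embeds
// the sandboxed iframe; user code inside the sandbox sends {id, method, args}.
// ALLOWED is a hypothetical allow-list: only these calls are ever forwarded.
const ALLOWED = new Set(['storage.local.get', 'storage.local.set']);

// Returns an error string for a request that must be refused, else null.
function checkRequest(msg) {
  if (!msg || typeof msg.method !== 'string' || !Array.isArray(msg.args)) {
    return 'malformed request';
  }
  return ALLOWED.has(msg.method) ? null : 'method not allowed: ' + msg.method;
}

// Performs one allow-listed call against `api` (the real `chrome` object in
// the extension page) and builds the reply for the sandbox. Assumes the
// promise-returning form of the API, as offered to Manifest V3 extensions.
async function handleRequest(api, msg) {
  const id = msg && msg.id;
  const error = checkRequest(msg);
  if (error) return { id, ok: false, error };
  const parts = msg.method.split('.');
  const name = parts.pop();
  const target = parts.reduce((o, p) => (o == null ? o : o[p]), api);
  if (!target || typeof target[name] !== 'function') {
    return { id, ok: false, error: 'method unavailable' };
  }
  try {
    return { id, ok: true, result: await target[name](...msg.args) };
  } catch (e) {
    return { id, ok: false, error: String((e && e.message) || e) };
  }
}

// Browser wiring. A sandboxed page has an opaque origin, so the reply uses
// '*' and the sender is authenticated by comparing event.source instead.
function attach(frame, api) {
  window.addEventListener('message', async (event) => {
    if (event.source !== frame.contentWindow) return;
    event.source.postMessage(await handleRequest(api, event.data), '*');
  });
}
```

In the extension page, `attach(iframeElement, chrome)` installs the broker; the sandboxed script matches replies to requests by `id`.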

Vitanshu Sahu

May 24, 2022, 8:18:34 AM
to Chromium Extensions, Vitanshu Sahu,, Chromium Extensions, Gaurav Rathor, Guille Vidal