Manifest V3 and XML documents.
66 views
Skip to first unread message
Stephane Saux
Dec 2, 2022, 3:56:11 PM12/2/22
to Chromium Extensions
My V2 extension could load on an XML URL, for example: https://www.timesunion.com/news/feed/Local-News-193.php
And the extension provided a link to XSL transform the XML into HTML.
The XSL stylesheet was on the same domain (here www.timesunion.com).
The code did something like:
var pi = document.createProcessingInstruction('xml-stylesheet', 'href="' + xslUrl + '" type="text/xsl"');
document.insertBefore(pi, document.firstChild);
var pi = document.createProcessingInstruction('xml-stylesheet', 'href="' + xslUrl + '" type="text/xsl"');
document.insertBefore(pi, document.firstChild);
This does not work any more. With the xslUrl pointing to a XSL stylesheet on the same domain as the XML it will transform (which should be considered a safe URL), the error is:
Refused to load the script 'https://www.timesunion.com/xsl/hdn/xml-mrss.xsl' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
This is what worked in V2
I tried to set the XSL stylesheet URL to chrome extension URL,
but then I get another error that the URL does not match the XML URL.
Any solution to that?
wOxxOm
Dec 3, 2022, 3:48:39 AM12/3/22
to Chromium Extensions, stepha...@gmail.com
Report the problem on https://crbug.com. I guess it doesn't work because XSL runs arbitrary code, but it might make sense to allow it in case it's limited to the contents of the XML.
The workaround is to use a sandboxed iframe and do the processing inside, exchanging the info via contentWindow.postMessage and parent.postMessage
Reply all
Reply to author
Forward
0 new messages