How to do inline java script injection with Chrome V3

[Tushar K Gupta]

I have a Chrome extension in V2. I am trying to migrate it to Chrome V3. In the code I am trying to append a node using appendChild.

Code snippet I have used to inject the java script to the DOM of page been opened by Browser is as below.

var injectScript = function() {  

     var node = document.createElement('script'); 

     var jscode = '(' + <some code> + ')();'; 

     node.innerHTML = jscode; document.head.appendChild(node); 

};

Calling the injectScript from onload of content_script.js.

Chages done in manifest.json for v3 is

"content_security_policy": { 
 extension_pages": "script-src 'self' 'unsafe-eval'; object-src 'self'"
 }

Chrome extension is showing below error message. "Refused to execute inline script because it violates the following Content Security Policy directive script-src 'self' 'unsafe-eval'. Either the unsafe-inline keyword, a hash or a nonce is required to enable inline execution."

Adding  - "unsafe-inline keyword, a hash or a nonce" is throwing same error again. 

Does Chrome V3 allows inline script injection ? If not what's the alternative.

 

[PhistucK]

As far as I know, no, it does not.

If you are referring to content scripts, it depends on the content security policy of the web page.

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/8cd33941-066a-4beb-a662-ba39d21e2317n%40chromium.org.