Content-Security-Policy error in google chrome extension making

by

One of the consequences of "manifest_version": 2 is that Content Security Policy is enabled by default. And Chrome developers chose to be strict about it and always disallow inline JavaScript code – only code placed in an external JavaScript file is allowed to execute (to prevent Cross-Site Scripting vulnerabilities in extensions). So instead of defining getPageandSelectedTextIndex() function in popup.html you should put it into a popup.js file and include it in popup.html:

<script type="text/javascript" src="https://stackoverflow.com/questions/11045653/popup.js"></script>

And <button onclick="getPageandSelectedTextIndex()"> has to be changed as well, onclick attribute is also an inline script. You should assign an ID attribute instead: <button id="button">. Then in popup.js you can attach an event handler to that button:

window.addEventListener("load", function()
{
  document.getElementById("button")
          .addEventListener("click", getPageandSelectedTextIndex, false);
}, false);

More Related Contents:

  1. The Chrome extension popup is not working, click events are not handled
  2. Console shows error about Content Security policy and lots of failed GET requests
  3. How to fix chrome-extension inline JavaScript invocation error?
  4. Use a content script to access the page context variables and functions
  5. Chrome Extension Message passing: response not sent
  6. “Cannot read property of undefined” when using chrome.tabs or other chrome API in content script
  7. How to detect page navigation on YouTube and modify its appearance seamlessly?
  8. Chrome Extension how to send data from content script to popup.html
  9. Injecting JS functions into the page from a Greasemonkey script on Chrome
  10. Chrome extension: How to remove orphaned script after chrom extension update
  11. Loading external javascript in google chrome extension
  12. How to keep Google Chrome Extension popup open?
  13. Inspecting WebSocket frames in an undetectable way
  14. Getting unique ClientID from chrome extension?
  15. How to properly handle chrome extension updates from content scripts
  16. chrome.storage.local.get and set [duplicate]
  17. How to detect the installed Chrome version?
  18. Access variables and functions defined in page context using a content script
  19. Why is document.execCommand(“paste”) not working in Google Chrome?
  20. How can I save information locally in my chrome extension?
  21. Cross-Origin XMLHttpRequest in chrome extensions
  22. Getting selected text in a Chrome extension
  23. tabs.executeScript – passing parameters and using libraries?
  24. Store an array with chrome.storage.local
  25. How to clear chrome.storage.local and chrome.storage.sync?
  26. Can a website block a Chrome Extension? [duplicate]
  27. Chrome extension identity.email empty
  28. Can’t pass arguments to chrome.declarativeContent.SetIcon
  29. Where are cookies saved for a local HTML file?
  30. Chrome Extension get selected text

Leave a Comment