How to fix chrome-extension inline JavaScript invocation error?

by

By default Content Security Policy, inline scripts won’t be loaded and only local script can be loaded. You could relax the default policy by:

  1. Inline Script. Take a look at Official Guide, inline scripts can be whitelisted by specifying the base64-encoded hash of the source code in the policy. See Hash usage for elements for an example.

    But I believe a better way would extract this logic to a separate script and not use inline script.

  2. Remote Script. You could whitelist script resources https://apis.google.com/js/client.js?onload=handleClientLoad by the following section in manifest.json

    "content_security_policy":"script-src 'self' https://apis.google.com; object-src 'self'"

    Also, I believe a better way could be downloading the remote client.js and include it as a local script.

Please be aware as per the description of Inline Script, unsafe-inline no longer works.

Up until Chrome 45, there was no mechanism for relaxing the restriction against executing inline JavaScript. In particular, setting a script policy that includes ‘unsafe-inline’ will have no effect.

More Related Contents:

  1. The Chrome extension popup is not working, click events are not handled
  2. Console shows error about Content Security policy and lots of failed GET requests
  3. Content-Security-Policy error in google chrome extension making
  4. Use a content script to access the page context variables and functions
  5. Chrome sendrequest error: TypeError: Converting circular structure to JSON
  6. Check whether user has a Chrome extension installed
  7. How to simulate key presses or a click with JavaScript?
  8. Gmail Extension, sendMessage to background from page context
  9. Can a site invoke a browser extension?
  10. How can a Chrome extension save many files to a user-specified directory?
  11. Create a file using Javascript in Chrome on client side
  12. How to handle “Unchecked runtime.lastError: The message port closed before a response was received”?
  13. Chrome extension: How to remove orphaned script after chrom extension update
  14. Loading external javascript in google chrome extension
  15. Event onBrowserClose for Google Chrome Extension?
  16. How to keep Google Chrome Extension popup open?
  17. How to get Clipboard data in Chrome Extension?
  18. Getting unique ClientID from chrome extension?
  19. Communicating between a Chrome packaged app and a Chrome extension?
  20. Modify HTML of loaded pages using chrome extensions
  21. How to inject CSS into webpage through Chrome extension?
  22. Making a Chrome Extension download a file
  23. In a Chrome Extension content script, must I wait for document.ready before processing the document?
  24. Chrome Extension: How do I inject a script that the user provided?
  25. How to modify current url location in chrome via extensions
  26. Chrome Extension “Refused to load the script because it violates the following Content Security Policy directive”
  27. Javascript: Let user select an HTML element like Firebug?
  28. Chrome extension identity.email empty
  29. Cross-domain XMLHttpRequest using background pages
  30. Chrome Extension get selected text

Leave a Comment