发表新帖
发表新帖

Chrome Extension - Content Security Policy - executing inline code

后端 未结
关注
6 1639
梦谈多话
梦谈多话 2020-12-08 10:15

I am using an external JavaScript lib in my chrome extension. I has inline execution, so I get following kind of error

(The error I get on console)

6条回答
  • 时光说笑
    时光说笑 (楼主)
    2020-12-08 10:43

    Copied from my answer to a similar question here. For recent versions of Chrome (46+) the current answer is no longer true. unsafe-inline still has no effect (in both the manifest and in meta header tags), but per the documentation, you can use the technique described here to relax the restriction.

    Hash usage for

    Result:

    I also tested putting the applicable directive in a meta tag instead of the manifest. While the CSP indicated in the console message did include the content of the tag, it would not execute the inline script (in Chrome 53).

    new background.html:

    Result:

    0 讨论(0)
 看不清?
提交回复
热议问题