Refused to execute inline event handler because it violates CSP. (SANDBOX)

Question

I\'m developing a google chrome packaged app, when I put Sandbox in the manifest.json:

 {
  "manifest_version": 2,
  &         


        

Answer 1

Answer for your non sandbox related question:

You have something in your code like this:

<button onclick="myFunction()">Click me</button>

In a nutshell this is not allowed in chrome apps and extensions.

Change this to the following and it will work:

• html:

  <button id="myButton">Click me</button>
  <script src="script.js"></script>
  

• script.js:

  document.getElementById("myButton").addEventListener("click", myFunction);
  
  function myFunction(){
    console.log('asd');
  }
  

Long story:

In chrome apps, Content Security Policy does not allow inline javascript. So you have to put your javascript in a .js file and include it in your HTML.

Further reading: https://developer.chrome.com/extensions/contentSecurityPolicy