-1

I'm trying to click a button and get all links on a page, but I can't, and I have this error in the console: 'Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:"'

MANIFEST.JSON

{
  "manifest_version": 2,
  "name": "tat",
  "description": "load",
  "version": "1.0",
  "permissions": ["tabs", "http://*/*", "background", "activeTab"],
  "content_scripts": [{
    "matches": ["http://*/*"],
    "js": ["jquery.js", "link.js"]
  }],
  "browser_action": {
    "default_title": "lol",
    "default_icon": "images/128.png",
    "default_popup": "popup.html"
  },
  "icons": {
    "32": "images/32.png",
    "128": "images/128.png"
  },
  "background": {
    "page": "background.html"
  }
}

POP-UP.HTML

<script type="text/javascript">
    var bkg = chrome.extension.getBackgroundPage(); 
    window.addEventListener('load', getAllLinks);
</script>

BACKGROUND.HTML

<script>
var $html = jQuery(html);
var getAllLinks = function(){
  var elementStr = "";
  var node = document.createElement("li");
  $html.find('a').each(function(){
  if(elementoLink.item(i).href.indexOf("operadorPerfil= REV") != -1){
  elemento.Str += elementoLink.item(i).href+"<br/>";
  node.innerText = elementStr;
  }
});
}
chrome.tabs.onUpdated.addListener(function(){     // listen to updated tabs
  getAllLinks();
  });
</script>
m59

1 Answer

0

If you had read what the error message said:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:"

you would have realised that the issue was to do with your code being directly inside your HTML file. Instead, you should be placing your files in external .js files and using the src attribute to link to them:

<script src="popup.js"></script>

And in popup.js place your code there. Repeat process for the background page.

CSP, or the Content Security Policy, is meant to make it more difficult for developers to implement code that provides attack vectors for XSS attacks and various other malicious activities. It does so by preventing the use of particular "dangerous" things altogether, and making less-recommended methods of doing things opt-in only. For example, eval is blocked unless you have specifically relaxed the restriction in your CSP settings. For more information about what CSP blocks and how it affects your code, see the Chrome Extensions documentation.

Qantas 94 Heavy
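An added example, not part of the answer above or of Chrome's own tooling: a small Node.js lint that flags the constructs the default extension CSP refuses to run (inline `<script>` bodies, `on*` handler attributes, `javascript:` URLs) so they can be moved into external files. The function name `findCspViolations` and both sample pages are constructed for illustration.

```javascript
// Flags markup that the default extension CSP ("script-src 'self' ...")
// refuses to execute. Regex-based lint, not a full HTML parser.
function findCspViolations(html) {
  const findings = [];
  const lineOf = (index) => html.slice(0, index).split('\n').length;

  // 1. <script> elements with a body and no src attribute are inline scripts.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(scriptRe)) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim() !== '') {
      findings.push({ line: lineOf(m.index), kind: 'inline-script' });
    }
  }

  // Blank out script elements (keeping offsets and newlines) so that
  // JavaScript source text is not mistaken for markup attributes below.
  const markup = html.replace(scriptRe, (s) => s.replace(/[^\n]/g, ' '));

  // 2. Tags carrying an inline event handler such as onclick="...".
  for (const m of markup.matchAll(/<[a-z][^>]*?\s(on[a-z]+)\s*=/gi)) {
    findings.push({ line: lineOf(m.index), kind: 'inline-handler',
                    detail: m[1].toLowerCase() });
  }

  // 3. javascript: URLs in link, source or form-action attributes.
  const jsUrlRe = /\b(?:href|src|action)\s*=\s*["']?\s*javascript:/gi;
  for (const m of markup.matchAll(jsUrlRe)) {
    findings.push({ line: lineOf(m.index), kind: 'javascript-url' });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed samples: a popup in the style of the question (inline script
// plus an inline click handler) and the same popup with code moved out.
const before = [
  '<button onclick="getAllLinks()">Links</button>',
  '<script type="text/javascript">',
  "  window.addEventListener('load', getAllLinks);",
  '</script>',
].join('\n');
const after = [
  '<button id="links">Links</button>',
  '<script src="popup.js"></script>',
].join('\n');

console.log(findCspViolations(before));
console.log(findCspViolations(after));
```

Run it over every HTML file the manifest references (here `popup.html` and `background.html`); an empty result means the page no longer depends on inline script.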