I have developed an extension which contains a dynamic form with single input and a '+' button. I have written inline javascript html on click event but the content security policy keeps on refusing the inline event handler to work. Where do I need to modify the CSP so that my inline script gets executed ? The ways I tried are replacing unsafe-eval with unsafe-inline and the other way is removing content_security_policy in manifest.json. Even i tried changing manifest_version to 1 but none of them worked.
Asked
Active
Viewed 820 times
1
-
No need to modify CSP. Simply use a separate js file as shown [here](https://stackoverflow.com/a/25721457) or [here](https://stackoverflow.com/a/17612988). – wOxxOm Feb 19 '19 at 10:34
-
through the script im trying to add one more input and button where the button is having the inline onclick event. This is getting refused by csp. – Srikanth Isikala Feb 19 '19 at 10:39
-
" " + " " + – Srikanth Isikala Feb 19 '19 at 10:39
-
As shown in the answers I've linked, instead of onclick and inline code, use a separate js file. – wOxxOm Feb 19 '19 at 10:47