1

I have a chrome extension that recognizes phone numbers and makes them clickable. With the manifest V2 it worked fine, when I tried to turn it into V3 I get this error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-KGf+5xsZyPa3phh/QEDcQ0MTbd4mjIuMJKHfKSEASfo='), or a nonce ('nonce-...') is required to enable inline execution.

manifest.json:

{
    "manifest_version": 3,
    "name": "Test title",
    "version": "1.1",
    "description": "Description test.",
    "icons": {
        "128": "128.png"
    },
    "options_ui": {
        "page": "options.html"
    },
    "minimum_chrome_version": "10",
    "content_scripts": [
        {
            "matches": ["*://*/*"],
            "js": ["common.js", "jquery-1.6.1.min.js", "plugin-proxy.js", "chrome.js"],
            "all_frames": true
        }
    ],
    "web_accessible_resources": [
        {
            "resources": ["*.js"],
            "matches": ["*://*/*"]
        }
    ],
    "permissions": [
        "contextMenus",
        "storage",
        "tabs",
        "activeTab",
        "declarativeContent",
        "scripting"
    ],
    "host_permissions": [
        "http://*/*",
        "https://*/*"
    ]
}

The error is caused by the execScript function in the following js file:

var execScript = function (doc, scriptSource) {
    var script, ret, id = "";
    id = generateRandomId();
    script = "(function(){var value={callResult: null, throwValue: false};try{value.callResult=" + scriptSource + "}catch(e){value.throwValue=true;value.callResult=e;};" + "document.getElementById('" + id + "').innerHTML=JSON.stringify(value);})();";
    var scriptNode = createScriptNode(doc, {id: id, innerHTML: script});
    doc.head.appendChild(scriptNode);  //line giving the error
    ret = JSON.parse(scriptNode.innerHTML);
    scriptNode.parentNode.removeChild(scriptNode);
    delete (scriptNode);
    if (ret.throwValue)
        throw (ret.callResult);
    else
        return (ret.callResult);
};

For completeness I also add the createScriptNode function which is invoked by the previous one:

var createScriptNode = function (doc, opts) {
    if (!opts)
        opts = {};
    var scriptNode = doc.createElement('script');
    scriptNode.type = "text/javascript";
    if (typeof opts.innerHTML == 'string')
        scriptNode.innerHTML = opts.innerHTML;
    if (typeof opts.src == 'string')
        scriptNode.src = opts.src;
    if (typeof opts.id == 'string')
        scriptNode.id = opts.id;
    return scriptNode;
};
MaCeDev
  • 11
  • 2
  • See [this answer](/a/9517879) that lists MV3-compatible methods. Note that for the goal you stated there's no need to use a script element or inline js. – wOxxOm Mar 31 '22 at 09:59

0 Answers0