11

I'm trying to migrate my Chrome extension from Manifest 2 to Manifest 3 but I'm getting the following error

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-ClANdr6bWuUdXWELI09IBiITbU5zbvg6V1dZp9mr55Q='), or a nonce ('nonce-...') is required to enable inline execution.

For the code

enter image description here

I have tried to add

"content_security_policy": {
    "extension_page": "script-src 'self' 'sha256-ClANdr6bWuUdXWELI09IBiITbU5zbvg6V1dZp9mr55Q='"
},

to Manifest but it didn't help

How can I solve it?

user924
  • 8,146
  • 7
  • 57
  • 139
  • 1
    Extensions can't set textContent or innerHTML of a script element. See [this answer](https://stackoverflow.com/a/9517879) for alternatives. – wOxxOm Jul 10 '22 at 08:47
  • @wOxxOm yes, I had `elementScript.text = ....`, I replaced it with `Method 1: Inject another file - ManifestV3 compatible` from that answer, put everything in external file instead. Thanks – user924 Jul 10 '22 at 09:21
  • 4
    @user924 facing similar issue. do you know solution, could you post as answer – ankitd Aug 19 '22 at 06:35
  • 1
    Does this answer your question? [Access variables and functions defined in page context using a content script](https://stackoverflow.com/questions/9515704/access-variables-and-functions-defined-in-page-context-using-a-content-script) – fregante Mar 03 '23 at 07:58

1 Answers1

-1

MV3 extensions cannot execute arbitrary stringified scripts, however you can "inject functions" from the background page via the chrome.scripting.executeScript API. For example:

chrome.scripting.executeScript(tabId, {
  func: () => {
    alert('hi')
    // The rest of the JS code, not a string
  }
})
fregante
  • 29,050
  • 14
  • 119
  • 159