https://stackoverflow.com/questions/21141427
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYou should indeed put your code into a content script. If you insert a <script> tag into a page then it works exactly the same as if the web page itself inserted it. The browser has no way of knowing that this code belongs to your extension. What's worse, this code isn't safe from manipulations by the webpage - e.g. the webpage can redefine window.alert() method and your code won't be able to show messages. Extension code and content scripts on the other hand aren't affected by this, these see only the raw DOM objects without any JavaScript-induced changes.
CSP and browser extensions
-
28-09-2022 - |
Question
According to Wikipedia in "Browser Add-Ons and Extensions Exemption" section:
CSP should not interfere with the operation of browser add-ons or extensions installed by the user...
But unfortunately it is blocking external scripts, injected by my add-on.
I can always put this injected code in to the content script. But I'm wondering if there is another way to overcome this.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
