Your problem is using inline scripting (e.g. <button onclick="command('bacpac','PW','%00')">
)
This is disallowed by Chrome's Content Security Policy for apps/extensions, and you cannot override this.
You'll have to purge your index.html
of all inline code and add handlers (or indeed, buttons) from a script. Example in the Chrome docs.