i am trying to inject script to a site with chrome extension manifest v3 to do someworks with site's window object,like disable alert or sniff xmlHttpRequests and listens to them and their response. so when i'm using this code in Content.js :
Content.js :
const alertScript = document.createElement('script');
alertScript.innerHTML = `window.alert=function(){console.log('alert disabled!')};`
document.head.appendChild(alertScript);
But it didn't work and this error was in console :
Refused to execute inline script because it violates the following Content Security
Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword,
a hash ('sha256-UVElatCQi2odTlw3V21Lr91ia1hU68fiNgVYG5EZibk='),
a nonce is required to enable inline execution.
p.s : In manifest v2 , i don't have this problem and easily can inject scripts without any error.But in manifest v3 i have this problem.
Am i need a permission or do something ??
thanks for your help ..
1 Answer 1
MV3 imposes new restrictions that limit an extension's ability to execute unreviewed JavaScript through a combination of platform changes and policy limitations.
An 'unsafe-inline' token is ignored in manifest v3, so there is no way to execute inline scripts.
Don't use inline scripts, you can do exactly the same in a separate file.
Comments
Explore related questions
See similar questions with these tags.