the script of my first GC extension doesn't work when loaded as .crx . i've checked the debugging section and this is my error:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://www.lolking.net/".
popup.html:8
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://www.lolking.net/".
popup.html:9
so i guess the error is from the manifest.json file:
{
"name": "LolKing Searcher",
"version": "1.1",
"manifest_version": 2,
"description": "Search your LoL profile",
"content_security_policy": "script-src 'self' https://www.lolking.net/; object-src 'self'",
"permissions": [
"tabs",
"http://*/*/"
],
"content_scripts": [
{
"matches": ["http://*/*/","https://*/*/"],
"js": ["popup.js"]
}
],
"browser_action": {
"default_title": "LolKing Searcher",
"default_icon": "icon.png",
"default_popup": "popup.html"
}
}
also every advice is well accepted!
The error, as it says in the error itself, is in your popup.html file. You can't have any inline code in html files, that includes inline event handlers like onclick="dosomething()". Move all of your inline code to an external file.
Example:
popup.html
<head>
<script src="popup.js"></script>
</head>
<body>
<input type="text" id="userText" placeholder="Enter Summoner's name" />
<input type="button" id="button" value="Search"/>
</body>
popup.js
window.onload = function(){
document.getElementById("button").addEventListener("click",check,false);
};
function check(){
var val = document.getElementById("userText").value;
if(val != ""){
var url="http://www.lolking.net/search?name=" + val;
chrome.tabs.create({url:url});
}
else
alert("Please enter a name");
}
Also you need to remove your content scripts section because you are trying to inject your popup code into every page which just doesn't make any sense.
Related
I'm trying to create a chrome extension, so I'm doing tutorials to learn and reading a bunch, but I'm struggling. I'm doing this tutorial. But long-term, from the extension I need users to be able to login to their account, then as they're browsing, send the url that they're at to their account.
popup.html
<!doctype html>
<html>
<head>
<title>Add a Snippet</title>
<script src="popup.js"></script>
<link rel="stylesheet" type="text/css" href="popup.css">
</head>
<body>
<h1>Add a Snippet</h1>
<form id="form">
<textarea id="code"></textarea>
<button type="submit" id="checkPage">Add Snippet</button>
</form>
</body>
</html>
popup.js
What I REALLY don't understand is that according to the console.log lines that I have in there and the error, it's loading the DOMContent, and it doesn't have any problem with finding the form by the id (let f = document.getElementById('form');). But it bombs when I try to attach an event listener?
document.addEventListener('DOMContentLoaded', function() {
console.log('the domcontentloaded');
let f = document.getElementById('form');
f.addEventListener('submit', function(e){
console.log('the form was submitted');
e.preventDefault();
})
}, false);
manifest.json
{
"name": "My Awesome Plugin",
"description": "This extension will be awesome",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html",
"default_title": "This is Awesome"
},
"background": {
"scripts": ["jquery-2.2.3.min.js", "background.js","popup.js"],
"persistent": false
},
"permissions": [
"activeTab",
"declarativeContent",
"https://ajax.googleapis.com/",
"storage",
"tabs",
"http://*/*",
"https://*/*"
],
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["login.js"]
}
],
"manifest_version": 2
}
login.js
console.log('login.js is ready to party');
When I load, I get this in the background inspector (or whatever it's called). So it's not finding the form.
So I looked at the elements, and I'm confused because it's not showing the form or the textarea. But when I click on the chrome extension icon, it's there.
1/Remove popup.js from "background/scripts" section of your manifest.
2/Add popup.js as a script reference in your popup.html file.
This way, popup.js will operate in the context of the popup.html DOM.
I want to display a Amazon Affiliate Widget Code in the popup section of a chrome extension.
The manifest.json looks like this(Copied as it is from Google Repository):
{
"manifest_version": 2,
"name": "Getting started example",
"description": "This extension shows a Google Image search result for the current page",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"permissions": [
"activeTab",
"https://ajax.googleapis.com/"
]
}
The backgroung.js is blank.
The Popup.html looks like this:
<html>
<head>
<title>
Amazon
</title>
</head>
<body>
<h1>Amazon Search</h1>
<script charset="utf-8" type="text/javascript">
amzn_assoc_ad_type = "responsive_search_widget";
amzn_assoc_tracking_id = "smart0e-21";
amzn_assoc_marketplace = "amazon";
amzn_assoc_region = "IN";
amzn_assoc_placement = "";
amzn_assoc_search_type = "search_widget";
amzn_assoc_width = "auto";
amzn_assoc_height = "auto";
amzn_assoc_default_search_category = "";
amzn_assoc_default_search_key = "";
amzn_assoc_theme = "light";
amzn_assoc_bg_color = "FFFFFF";
</script>
<script src="//z-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1&MarketPlace=IN"></script>
</body>
</html>
I am new to this extension development and also new to HTML.
Please help me, I want to run the search widget in the popup.
This is what happens when I click on the Extension.
http://i.stack.imgur.com/V3gK2.png
Thanks.
You can't link to external links in the popup.html file. Instead, you should add a separate javascript file to your extension's background and call the widget's script from there.
Your manifest will look something like this (don't forget to add Content-Security-Policy rules):
{
"manifest_version": 2,
"name": "Getting started example",
"description": "This extension shows a Google Image search result for the current page",
"version": "1.0",
"browser_action": {
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"background" : {
"scripts" : [ "background.js" ],
},
"content_security_policy" : "script-src 'self' 'unsafe-eval' http://z-in.amazon-adsystem.com; object-src 'self'",
"permissions": [
"activeTab",
"https://ajax.googleapis.com/",
"http://z-in.amazon-adsystem.com/"
]
}
Your background.js file can call the script in an iframe:
(function() {
var widget = document.createElement('iframe');
widget.src = "//z-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&Operation=GetScript&ID=OneJS&WS=1&MarketPlace=IN";
widget.id = 'widget';
document.body.appendChild(widget);
//assign your widget variables
})();
And your popup.html can just have a script link to your background file:
<script type="text/javascript" src="../background.js"></script>
I haven't tested this, but it's the general gist of how to run external scripts in your extension.
I'm working on building a Chrome extension for a forum, but the problem is the JavaScript for my popup.html won't do anything. I added alert("popup.js running...") at the top and it does come up but then my popup doesn't display at all. This is a problem because JavaScript is going to be required for the popup page. I'm kind of lost, so I'm assuming I'm just missing something that is preventing my JavaScript from running. I heard the AdBlock extension would prevent it from running but I removed that and it still didn't work. Anyone see a problem?
manifest.json
{
"name": "Riggy",
"short_name": "Riggy",
"description": "Create your own Roblox Forum signature with Riggy!",
"version": "0.0.1",
"manifest_version": 2,
"browser_action": {
"default_popup": "popup/popup.html"
},
"permissions": [
"storage"
],
"content_scripts": [
{
"matches": ["http://www.roblox.com/*"],
"js": ["scripts/jquery.js", "scripts/content.js"]
}
]
}
popup.html
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="popup.css" />
<script type="text/javascript" src="scripts/jquery.js"></script>
</head>
<body>
<span class="title">Riggy</span><br />
<span>Signature: </span><input name="siggy" id="siggy" value="Riggy is greatness!" />
<span id="output">[output]</span>
<script type="text/javascript" src="popup.js"></script>
</body>
</html>
popup.js
alert("popup.js running");
$(document).on("ready", function() {
var siggy = $("#siggy");
var output = $("#output");
function message(text) {
output.html(text);
}
siggy.change(function() {
chrome.storage.sync.set({"siggy": siggy.val()}, function() {
message("Saved signature.");
});
});
message("Riggy is ready!");
});
I had the same exact problem with an extension of mine, I believe it was fixed after I added this to the manifest file.
manifest.json
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
More info here: http://developer.chrome.com/extensions/contentSecurityPolicy.html.
I am currently writing a chrome extension. This is the manifest:
{
"manifest_version": 2,
"name": "whatever",
"short_name": "whocares",
"description": "blabla",
"version": "1.0.2",
"author": "me",
"permissions": [
"http://ajax.googleapis.com/"
],
"content_scripts": [
{
"matches": ["https://plus.google.com/*"],
"js": ["jquery-1.10.2.min.js","filter.js","settings.js","settings.html"]
}
],
"options_page": "settings.html",
"browser_action": {
"default_icon": "nicepic.png"
}
}
This is the options.html page:
<html>
<head>
<script type="text/javascript" src="settings.js"></script>
</head>
<body onload="CollectSettings()">
<h2>Options:</h2>
<form>
(some stuff)
</form>
</body>
</html>
The following error is thrown:
Refused to execute inline event handler because it violates the
following Content Security Policy directive: "script-src 'self'
chrome-extension-resource:".
CollectSettings() is a function within the settings.js
I thought there are only JS-Limitations of that kind in background - Scripts, not on the options-Page?
The Chrome Extensions Content Security Policy (CSP), which among other things prevents the execution of inline JavaScript, applies to the background-page and all views of an extension (including any popup's).
In fact, the example used in the section Inline JavaScript will not be executed is a typical case where those restrictions are effective on a browser-action popup.
Thanks for taking the time to read this.
Here is the directory of my extension folder.
And here is the manifest code :
{
"manifest_version": 2,
"name": "Technobuffalo Stories",
"description": "Your Description about Extension goes here",
"version": "1.0",
"content_scripts": [ {
"js": [ "popup.js" ],
"matches": [ "http://feeds.feedburner.com/*" ]
} ],
"permissions": [ "http://feeds.feedburner.com/*" ],
"browser_action": {
"default_icon": "icon_16.jpeg",
"default_popup": "popup.html"
}
}
Here is popup.html :
<html>
<head>
<title>Technobuffalo Stories
</title>
<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script src="popup.js"></script>
</head>
<body>
<div id="feed" style="background-color:orange;height:500px;width:500px;" ></div>
</body>
</html>
and last of all here is popup.js :
google.load("feeds", "1");
function initialize() {
var feed = new google.feeds.Feed("http://feeds.feedburner.com/technobuffalo/rss?format=xml");
feed.load(function(result) {
if (!result.error) {
var container = document.getElementById("feed");
for (var i = 0; i < result.feed.entries.length; i++) {
var entry = result.feed.entries[i];
var div = document.createElement("div");
div.appendChild(document.createTextNode(entry.title));
container.appendChild(div);
}
}
});
}
google.setOnLoadCallback(initialize);
When I open the popup.html file as it is, the required result is displayed but when I load the Chrome extension, only the background color of the div can be seen. Is there any problem with the permissions that I have set or is it something else?
Thanks,
Yash.
You have to add the following line to manifest.json to be able to use resources from www.google.com:
"content_security_policy": "script-src 'self' https://www.google.com; object-src 'self'"
As Rob W already pointed out this is a security feature that has been introduced with manifest version 2.