Breedlove: javascript - 'unsafe-eval' on chrome extension -

Saturday 15 September 2012

javascript - 'unsafe-eval' on chrome extension -

i trying run following:

chrome.tabs.oncreated.addlistener(function (tab){     if (tab.url.indexof(".salesforce.com/") != -1 || tab.url.indexof(".force.com/") != -1) {         chrome.tabs.executescript(tab.id, {             "file": "loadscript.js"         }, function () {             console.log("script executed .. ");         });     } else {         var wrongtab = chrome.i18n.getmessage("wrongtab");         console.log(wrongtab);         alert(wrongtab);     } });

which should (in theory), on page load run loadscript.js file.... loadscript.js file follows, should append file running page, not background page @ moment:

/* create scriipt element in head of html ,  set /soap/ajax/31.0/connection.js in src  */ var connectjsurl = "/connection.js";  function loadscript(url, callback) {     var head = document.getelementsbytagname("head")[0];     var script = document.createelement("script");     script.src = url;     var done = false;     script.onload = script.onreadystatechange = function() {         if (!done && (!this.readystate || this.readystate == "loaded" || this.readystate == "complete")) {             done = true;             callback();             script.onload = script.onreadystatechange = null;             head.removechild(script);         }     };     head.appendchild(script); }  loadscript(connectjsurl, function() {     console.log("script confirmed...") });  /* check see if file have been appended correctly , works correctly */ var jsfile = "chrome-extension://" + window.location.host + connectjsurl; var req = (window.xmlhttprequest) ? new xmlhttprequest() : new activexobject("microsoft.xmlhttp"); if (req == null) {     console.log("error: xmlhttprequest failed initiate."); }; req.onload = function() {      seek {         eval(req.responsetext);     }  grab (e) {         console.log("there error in script file.");     } };  seek {     req.open("get", jsfile, true);     req.send(null); }  grab (e) {     console.log("error retrieving   info httpreq. browsers  take cross-domain request http."); };

i still newbie chrome extensions , .js excuse me if have made stupid error :)

all getting following: refused evaluate string javascript because 'unsafe-eval' not allowed source of script in next content security policy directive: "script-src 'self' chrome-extension-resource:".

to prevent cross site scripting google has blocked eval function.

to solve add together code manifest.json

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"`,

please comment if need farther explanation

javascript google-chrome-extension

Breedlove

Saturday 15 September 2012

javascript - 'unsafe-eval' on chrome extension -

No comments:

Post a Comment