Ad

Problems With CSP In The Manifest.json File

the script of my first GC extension doesn't work when loaded as .crx . i've checked the debugging section and this is my error:

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://www.lolking.net/". popup.html:8

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://www.lolking.net/". popup.html:9

so i guess the error is from the manifest.json file:

{
"name": "LolKing Searcher",
"version": "1.1",
"manifest_version": 2,
"description": "Search your LoL profile",
 "content_security_policy": "script-src 'self' https://www.lolking.net/; object-src 'self'",
"permissions": [
    "tabs",
    "http://*/*/"
],

 "content_scripts": [
{
  "matches": ["http://*/*/","https://*/*/"],
  "js": ["popup.js"]
}
],

 "browser_action": {
    "default_title": "LolKing Searcher",
    "default_icon": "icon.png",
    "default_popup": "popup.html"
}
}

also every advice is well accepted!

Ad

Answer

The error, as it says in the error itself, is in your popup.html file. You can't have any inline code in html files, that includes inline event handlers like onclick="dosomething()". Move all of your inline code to an external file.

Example:

popup.html

<head>
  <script src="popup.js"></script>
</head>
<body>
  <input type="text" id="userText" placeholder="Enter Summoner's name"  />
  <input type="button" id="button" value="Search"/>
</body>

popup.js

window.onload = function(){
  document.getElementById("button").addEventListener("click",check,false);
};
function check(){
  var val = document.getElementById("userText").value;
  if(val != ""){
    var url="http://www.lolking.net/search?name=" + val;
    chrome.tabs.create({url:url});
  }
  else
    alert("Please enter a name");
}

Also you need to remove your content scripts section because you are trying to inject your popup code into every page which just doesn't make any sense.

Ad
source: stackoverflow.com
Ad