我无法将脚本注入带有 content.js chrome 扩展的站点
[英]i can't inject script to a site with content.js chrome extension
问题描述
i am trying to inject script to a site with chrome extension manifest v3 to do someworks with site's window object,like disable alert or sniff xmlHttpRequests and listens to them and their response.
我正在尝试将脚本注入带有chrome 扩展清单 v3的站点,以对站点的窗口对象执行一些操作,例如禁用警报或嗅探 xmlHttpRequests 并侦听它们及其响应。 so when i'm using this code in Content.js :所以当我在Content.js 中使用这段代码时:
Content.js :
const alertScript = document.createElement('script');
alertScript.innerHTML = `window.alert=function(){console.log('alert disabled!')};`
document.head.appendChild(alertScript);
But it didn't work and this error was in console :但它没有用,这个错误出现在控制台中:
Refused to execute inline script because it violates the following Content Security
Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword,
a hash ('sha256-UVElatCQi2odTlw3V21Lr91ia1hU68fiNgVYG5EZibk='),
a nonce is required to enable inline execution.
ps : In manifest v2 , i don't have this problem and easily can inject scripts without any error.But in manifest v3 i have this problem. ps:在 manifest v2 中,我没有这个问题并且可以轻松地注入脚本而没有任何错误。但是在 manifest v3 中我有这个问题。
Am i need a permission or do something ??我需要许可或做些什么吗??
thanks for your help ..感谢您的帮助 ..
1 个解决方案
解决方案1
0 2021-07-18 22:13:28
MV3 imposes new restrictions that limit an extension's ability to execute unreviewed JavaScript through a combination of platform changes and policy limitations. MV3 施加了新的限制,通过平台更改和策略限制的组合来限制扩展执行未经审查的 JavaScript 的能力。
An 'unsafe-inline' token is ignored in manifest v3, so there is no way to execute inline scripts.清单 v3 中会忽略'unsafe-inline'标记,因此无法执行内联脚本。
Don't use inline scripts, you can do exactly the same in a separate file.不要使用内联脚本,您可以在单独的文件中执行完全相同的操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.