JavaScript 或 chrome.action.setIcon 在 chrome 扩展中不起作用

Question

I was making this extension that makes a warning when the battery level is low (not added battery part yet). Currently I am trying to make it so that buttons can change the icon of the extension so that later I can make it flash colors as a warning. I have no idea why this is not working, and it would be very nice if someone could help me. I also get this error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem:". Either the 'unsafe-inline' keyword, a hash ('sha256-mqcqEU/uq+7l/09r6PQ1PMjli3dMmm7Zm0fA+SedCWI='), or a nonce ('nonce-...') is required to enable inline execution.

HTML:

   <!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <title></title>
        <meta name="description" content="">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <link rel="stylesheet" href="/scripts/main.css">
        <script scr="scripts/main/js"></script>
    </head>
    <body>
        <button id="testRED" onclick="iconRED()">RED</button>
        <button id="testGREEN">GREEN</button>
    </body>
</html>

JS:

function iconRED() {
    chrome.action.setIcon.setIcon({path: "icons/iconRED.png"});
}
function iconGREEN() {
    chrome.action.setIcon.setIcon({path: "icons/iconGREEN.png"});
}

Manifest:

{
    "name": "Battery Warning",
    "description": "Battery Warning",
    "version": "1.0",
    "permissions": [
      "background",
      "storage"
    ],
    "background": {
      "service_worker": "scripts/background.js"
    },
    "browser_action": {
      "default_popup": "popup.html",
      "default_title": "Battery Warning",
      "default_icon": {
        "16": "/icons/icon.png",
        "32": "/icons/icon.png",
        "48": "/icons/icon.png",
        "128": "/icons/icon.png"
      }
    },
    "manifest_version": 2,
    "icons": {
      "16": "/icons/icon.png",
      "32": "/icons/icon.png",
      "48": "/icons/icon.png",
      "128": "/icons/icon.png"
    }
  }

Answer 1

The following page on the Chrome documentation about Content-Security Policy gives a few hints about what's going on: https://developer.chrome.com/blog/csp/#inline-code-is-considered-harmful . Here's the relevant extract:

This ban includes not only scripts embedded directly in script tags, but also inline event handlers and javascript: URLs. You'll need to move the content of script tags into an external file, and replace javascript: URLs and <a... onclick="[JAVASCRIPT]"> with appropriate addEventListener() calls.

You have indeed a onclick HTML attribute in the snippet you provided:

<button id="testRED" onclick="iconRED()">RED</button>

So the alternative, would be to attach the click event listener in JavaScript instead, with something like this (when the DOM is ready):

const redButton = document.getElementById('testRED');
redButton.addEventListener('click', () => / *your logic */);