Javascript throwing : Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'
Question
I'm newbie in google chrome extention delveopment. I'm trying to develop a simple extension and i keep getting the error above.
my manifest:
{
"name": "set my favourties",
"description" : "just another super awesome plugin",
"version" : "0.1",
"background": {
"page": "backround.html"
},
"manifest_version": 2,
"content_security_policy": "script-src 'self' https://www.google.com; object-src 'self'",
"browser_action" :{
"popup" : "popup.html",
"default_icon" : "icon.gif"
},
"permissions" : ["notifications"]
}
the html code:
<html>
<head>
<script src = "backround.js">
</script>
</head>
<body onload = "loadHandler()">
</body>
</html>
and the js:
function loadHandler(){
window.webkitNotifications.createNotification("icon.gif","Plugin Loaded","it was loaded").show();
}
thanks in advance
Nir
2 answers
solution1
17 ACCPTED 2013-03-27 11:37:19
If this wasn't a Chrome extension, you could add but you should avoid using inline event handlers at all. 'unsafe-inline' to the list of acceptable places to load scripts from,
Replace (in the HTML):
onload = "loadHandler()"
with (in the script):
window.addEventListener('load', loadHandler);
solution2
6 2013-03-28 20:41:46
Correct. This is documented here: http://developer.chrome.com/extensions/tut_migration_to_manifest_v2.html#inline_scripts
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.