
How to run unsafe-inline in a web page, not in a Chrome extension page

The web page code is here:

    <a id="pagerBottomNew_nextButton" title="下一页" class="Search_page-cut" href="javascript:__doPostBack('pagerBottomNew$nextButton','')"><i class="Common_icon Common_icon_caret_right_large"></i></a>

My content page code is here:

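    // Build a synthetic, bubbling click and dispatch it on the element named in the request.
    let event = new MouseEvent("click", { "bubbles": true, "cancelable": true });
    let ele = document.querySelector(request.args.target);
    // Clicking the link triggers its javascript: href, which is what the CSP refuses.
    if (ele != null) ele.dispatchEvent(event);
    sendResponse({ type: 'done' });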

When executing

    ele.dispatchEvent(event);

Chrome reports the message:

Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

The web page is from a commercial web site. How can I simulate the click event without breaking the CSP?

To fix your problem, use this:

    "content_security_policy": {
        "extension_pages": "default-src 'self'; style-src 'self' 'unsafe-inline'"
    }

The "style-src" part might not be needed, but it's helpful. For more information, read here.

LeonTM's answer is literally correct, but you should not do this (unless you really know what you are doing) as enabling 'unsafe-inline' will allow injection attacks.

I'd recommend people to read this article before enabling this.
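
Added example (not part of the original question or answers, and not Chrome's own code): a small evaluator for the rule quoted in the error message, deciding whether a given CSP string would let a javascript: URL navigation run. The function names parseCsp and javascriptUrlVerdict are hypothetical, the logic is a simplification of the CSP Level 3 inline check for a single policy, and the sample policies marked "constructed" are made up for illustration.

```javascript
// Added example: would this CSP string allow a javascript: URL navigation?
// Simplified from the CSP Level 3 inline check; the hash itself is not compared.

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function javascriptUrlVerdict(policy) {
  const csp = parseCsp(policy);
  // javascript: navigations fall under script-src-elem, then script-src, then default-src.
  const governing = ["script-src-elem", "script-src", "default-src"].find((d) => csp.has(d));
  if (!governing) return { verdict: "allow", governing: null };
  const sources = csp.get(governing);
  const hasNonce = sources.some((s) => s.startsWith("'nonce-"));
  const hasHash = sources.some((s) => /^'sha(256|384|512)-/.test(s));
  // 'unsafe-inline' is ignored once a nonce, a hash or 'strict-dynamic' is present.
  const inlineIgnored = hasNonce || hasHash || sources.includes("'strict-dynamic'");
  if (sources.includes("'unsafe-inline'") && !inlineIgnored) {
    return { verdict: "allow", governing };
  }
  // Nonces never apply to navigations; hashes apply only with 'unsafe-hashes'.
  if (hasHash && sources.includes("'unsafe-hashes'")) {
    return { verdict: "allow-if-hash-matches", governing };
  }
  return { verdict: "block", governing };
}

const samples = [
  "script-src 'self' 'wasm-unsafe-eval'",                 // from the error message above
  "default-src 'self'; style-src 'self' 'unsafe-inline'", // from the first answer
  "script-src 'self' 'unsafe-inline'",                    // constructed
  "script-src 'nonce-r4nd0m' 'unsafe-inline'",            // constructed
  "script-src 'unsafe-hashes' 'sha256-AAAA'",             // constructed placeholder hash
];
for (const p of samples) {
  const { verdict, governing } = javascriptUrlVerdict(p);
  console.log(`${verdict.padEnd(21)} (${governing}) <- ${p}`);
}
```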
