Menu
Following is my code of HTML
Scripts:
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <script src="background.js"></script> HTML:
<button name="btnlogin" id="btnlogin">Login</button><br/><br/> and following is js
$(document).ready(function(){ document.getElementById("#btnlogin").click(function(){ alert("s"); }); }); manifest file:
{ "manifest_version": 2, "name": "One-click Kittens", "description": "This extension demonstrates a 'browser action' with kittens.", "version": "1.0", "browser_action": { "default_icon": "icon.png", "default_popup": "popup.html" }, } I found that when I run this code simply in browser than alert appears properly but when I run it as a chrome extension it gives me following errors.
Uncaught ReferenceError: $ is not defined
and
Refused to load the script 'http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js' because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
I don't understand what are these errors. Please help me understanding the extension..
Thank you
616
Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting.
Content Security Policy blocks all resources that don't match it's policy. To view the policy for a specific website use the CSP Evaluator.
To edit the configuration, go to chrome://extensions and click Options under Content Security Policy Override. The text area in the Options automatically saves as you edit.
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unauthorized code on your site. To solve this issue, avoid using eval() , new Function() , setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.
In a Chrome extension, external script sources must be explicitly allowed by the extension's content security policy (CSP) in your manifest:
If you have a need for some external JavaScript or object resources, you can relax the policy to a limited extent by whitelisting secure origins from which scripts should be accepted...
A relaxed policy definition which allows script resources to be loaded from example.com over HTTPS might look like:
"content_security_policy":"script-src 'self' https://example.com; object-src 'self'"
Scripts can only be loaded into an extension over HTTPS, so you must load the jQuery CDN resource over HTTPS:
<script src="https://ajax.googleapis.com/..."></script> And add a modified CSP to your manifest to allow that HTTPS resource:
{ "manifest_version": 2, "name": "One-click Kittens", "description": "This extension demonstrates a 'browser action' with kittens.", "version": "1.0", "browser_action": { "default_icon": "icon.png", "default_popup": "popup.html" }, "content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'" } And even better solution for your particular case, however, would be to include jQuery in your extension locally, instead of loading from the Internet (for example, your extension currently won't work offline). Simply include a copy of jQuery in your extension folder and refer to it with a relative path in your script tag. Assuming your jQuery library and HTML popup file are in the same subdirectory, simply do:
<script src="jquery-x.y.z.min.js"></script> If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
