Javascript throwing : Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'

Question

I'm newbie in google chrome extention delveopment. I'm trying to develop a simple extension and i keep getting the error above.

my manifest:

{
  "name": "set my favourties",
  "description" : "just another super awesome plugin",
  "version" : "0.1", 
    "background": {
    "page": "backround.html"
  },

   "manifest_version": 2,
    "content_security_policy": "script-src 'self' https://www.google.com; object-src 'self'",

   "browser_action" :{
     "popup" : "popup.html",
     "default_icon" : "icon.gif"
     },

     "permissions" : ["notifications"]
 }

the html code:

<html>
<head>
<script src = "backround.js">

</script>
</head>
<body onload = "loadHandler()">

</body>
</html>

and the js:

  function loadHandler(){
  window.webkitNotifications.createNotification("icon.gif","Plugin Loaded","it was loaded").show();

   }

thanks in advance

Nir

Answer 1

If this wasn't a Chrome extension, you could add 'unsafe-inline' to the list of acceptable places to load scripts from, but you should avoid using inline event handlers at all.

Replace (in the HTML):

onload = "loadHandler()"

with (in the script):

window.addEventListener('load', loadHandler);

Answer 2

Correct. This is documented here: http://developer.chrome.com/extensions/tut_migration_to_manifest_v2.html#inline_scripts