I'm new to Chrome extensions. I'm writing a little plug-in that zooms in a page when the user presses a button (very new). However, it won't run unless I allow unsafe scripts and it won't carry over to new pages, ostensibly because of the unsafe scripts. All I'm doing is zooming.
What I really want to know is, if it is not asking for information or directly accessing their computer, what makes a script unsafe?
There are three things making a script unsafe for Google extensions:
It's a common beginner mistake (I have made it). You can't use inline JavaScript statements. For example, you can't handle an event this way:
<img src="myImage.jpg" onclick="doSomething()">
The correct way to do this is to define an id for your DOM element, the image in my example, and to set the event handler in a separate JavaScript file:
page.html:
<img src="myImage.jpg" id="myImage">
<script src="script.js"></script>
script.js:
// In vanilla JavaScript:
document.getElementById("myImage").addEventListener("click", doSomething);
// In jQuery:
$("#myImage").on("click", doSomething);
All functions that can evaluate a String as JavaScript on the fly are unsafe. So the eval function is not allowed, nor are constructs such as new Function("return something.value");
Only local scripts are safe. If you are using jQuery, for example, you have to include the library in your extension. Loading an external library via CDN links is considered unsafe.
It's a quick overview; you can read more about this, and find the explanations of these restrictions, in the Google Chrome extension Content Security Policy documentation.
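The three restrictions in the answer above can be checked mechanically before an extension is loaded. The following is an added example, not part of the original answer: a rough regex-based scan in which the rule names, the `scan` function and the sample file contents are all constructed for illustration.

```javascript
// Added example: flag the patterns an extension CSP rejects.
// Regex matching is approximate (no HTML/JS parsing); treat hits as review prompts.
const HTML_RULES = [
  // on*="..." attributes such as onclick or onload
  { id: "inline-handler", re: /<[a-z][^>]*\son[a-z]+\s*=/gi },
  // <script> opening tag with no src attribute, i.e. an inline block
  { id: "inline-script", re: /<script(?![^>]*\ssrc\s*=)[^>]*>/gi },
  // <script src="http(s)://..."> or protocol-relative //host/...
  { id: "remote-script", re: /<script[^>]*\ssrc\s*=\s*["']?(?:https?:)?\/\//gi },
];

const JS_RULES = [
  { id: "eval", re: /\beval\s*\(/g },
  { id: "new-function", re: /\bnew\s+Function\s*\(/g },
  // setTimeout/setInterval given a string is also string evaluation
  { id: "string-timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g },
];

// Returns [{ file, line, rule }] sorted by line number.
function scan(fileName, text) {
  const rules = /\.html?$/i.test(fileName) ? HTML_RULES : JS_RULES;
  const findings = [];
  for (const { id, re } of rules) {
    re.lastIndex = 0; // global regexes keep state between calls
    let m;
    while ((m = re.exec(text)) !== null) {
      const line = text.slice(0, m.index).split("\n").length;
      findings.push({ file: fileName, line, rule: id });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample inputs: the first three HTML lines violate the policy,
// the last two are the compliant form shown in the answer.
const samplePopupHtml = [
  '<img src="myImage.jpg" onclick="doSomething()">',
  '<script src="https://cdn.example.com/jquery.min.js"></script>',
  '<script>doSomething();</script>',
  '<img src="myImage.jpg" id="myImage">',
  '<script src="script.js"></script>',
].join("\n");

const sampleScriptJs = [
  'document.getElementById("myImage").addEventListener("click", doSomething);',
  'const getter = new Function("return something.value");',
  'const result = eval(userText);',
].join("\n");

for (const f of [...scan("popup.html", samplePopupHtml), ...scan("script.js", sampleScriptJs)])
  console.log(`${f.file}:${f.line} ${f.rule}`);
```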