Content Security Policy Error triggered by Iframe Source Running Script in Web Extension

My web extension for Firefox utilizes a content script to add HTML to a webpage when a button is clicked. The injected HTML includes an iFrame nested in multiple div elements.

Below is the relevant part of the content script:

var iFrame = document.createElement("iFrame");
iFrame.id = "contentFrame";
iFrame.style.cssText = "width: 100%; height: 100%; border: none;";
iFrame.src = browser.extension.getURL("inject-content/inject.html");

var boxDiv = document.createElement("div");
boxDiv.style.cssText = "left: calc(100% - 390px); position: fixed; top: 0px; width: 390px; z-index: 1;"

var zeroDiv = document.createElement("div");
zeroDiv.style.cssText = "position: fixed; width: 0px; height: 0px; top: 0px; left: 0px; z-index: 2147483647;";

var outerDiv = document.createElement("div");
outerDiv.id = outerDivID;

boxDiv.appendChild(iFrame);
zeroDiv.appendChild(boxDiv);
outerDiv.appendChild(zeroDiv);
document.body.appendChild(outerDiv);

The iFrame's source is an "inject.html" file that contains a script tag linking to a javascript library named "perfect-scrollbar.js". Additionally, there's inline javascript using this library. Here's the link to the perfect scrollbar library: https://github.com/utatti/perfect-scrollbar

Opening the "inject.html" directly in Chrome works fine, but running it through my Firefox extension triggers an error related to Content Security Policy restricting inline scripts.

Error Message: Content Security Policy blocked the loading of a resource ("script-src").

Source: console.log("hello world");

va....

After researching Mozilla's documentation on Content Security Policy, I learned that allowing some inline Javascript by providing a sha-256 hash of the script could resolve the issue. However, even after generating and implementing the hash in the manifest.json file, the error persisted.

I'm seeking a solution to execute inline Javascript without errors. Is it achievable without using a hash? Can I transfer all inline Javascript from "inject.html" into the content script file itself considering Firefox doesn't support import statements? If yes, how can I accomplish this effectively without tools like Babel?

javascriptfirefox-addon-webextensionscontent-security-policycontent-script

Answer №1

Although the webpage mentions allowing trailing/leading whitespace, I encountered problems with that. The workaround was to place all my code on a single line (and recalculate the base 64 SHA-256 hash).

<script>console.log("Greetings Earth");var customScrollbar = new CustomScrollbar("#wrapper",{suppressScrollX: true});</script>

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Combining duplicate key-value pairs in a JSON object into an array using JavaScript

Is it possible to merge value objects with the same key but different values? For example, in this case, "field_template_id": 2 appears twice with different values. This is the original JSON data: { "id": "c2dec94f", "data": [ { "field_temp ...

javascriptjqueryjsonlodash

Getting row data from ag-grid using the angular material menu is a straightforward process

I have a specific requirement in ag-grid where I need to implement a menu to add/edit/delete row data. Currently, I am using the angular material menu component as the cell template URL. However, I am facing an issue where when I click on the menu item, it ...

javascriptangularjsangular-materialag-grid

Utilize JavaScript to parse HTML content retrieved through AJAX requests

My current project involves writing JavaScript code, specifically a Chrome extension, that needs to: Retrieve the contents of a web page using AJAX. Extract specific content from the page by identifying certain elements within the HTML string and retriev ...

javascripthtmlajax

Encountering a 404 error indicating that the file cannot be found while attempting to log into an authentication system developed using express and node

Currently, I am in the process of developing a demonstration banking application that facilitates user sign up and sign in functionality using express.js and node.js. The API created accepts POST requests to /signup and /authenticate routes successfully wh ...

javascriptjquerynode.jsajaxexpress

Updating variable storage in React components

This is a project built with Next.js and React. Below is the folder structure: components > Navbar.js pages > index.js (/ route)(includes Navbar) > submitCollection.js (/submitCollection)(includes Navbar) The goal is to allow users to inpu ...

javascriptreactjsreact-routernext.jsuse-state

Display all saved bookmarks by utilizing JavaScript

How can I utilize Javascript to display a complete list of my bookmarks? Any advice on achieving this would be greatly appreciated. Thank you in advance. ...

javascriptbookmarks

Executing a CRM javascript button triggers a request to a JSON URL and extracts a specific value

My current task involves creating a button in JavaScript due to system limitations preventing the use of HTML. This button should navigate to a specific URL (REST API to retrieve a JSON file). Furthermore, upon clicking the button, I aim to display an aler ...

javascriptjqueryjsonapicrm

Utilizing JavaScript to enable HTML checkbox to be checked automatically

I am currently working on a constructor that generates checkboxes within a loop. My issue lies in attempting to set these checkboxes as checked, however, it doesn't seem to be functioning correctly. Below is the code snippet: funct ...

javascripthtmlcheckbox

Converting JavaScript to JSON and saving dynamic properties

Having a basic knowledge in JavaScript, I am attempting to extract data from users and utilize it as JSON properties in the following format: <th colspan="2"><input id="dc_name" name='dc[name]'></input></th> $ ...

javascriptjqueryjson

The issue arises in Selenium IDE when a variable is mistakenly identified as a string instead of a

Hey there, I've encountered an issue while using Selenium IDE. I'm trying to increment a variable by two, but instead of performing numerical addition, it seems to be concatenating strings. <tr> <td>store</td> <td> ...

javascriptselenium

Navigating in React: How to Implement the Same Route for Different Scenarios Without Compromising Your Application

I'm facing a frustrating issue while trying to incorporate Redux state management and React Router. Despite searching extensively online, I can't seem to find a solution. My Redux state, named user, stores the details of a logged-in user. Upon l ...

javascriptreactjsreact-routerrouter

Creating a Paytm payment link using API in a React Native app without the need for a server

Suppose a user enters all their details and the total cost of their order amounts to 15000 rupees. In that case, the app should generate a Paytm payment link for this amount and automatically open it in a web view for easy payment processing. Any suggesti ...

javascriptnode.jsreactjsreact-nativepayment

bespoke HTML elements and properties

I'm currently facing some difficulties and I am unsure of how challenging it can be. I have tried following various tutorials, including those on SO and YouTube, but they all provide different approaches leaving me stuck. My goal is to create a custo ...

javascripthtml

Transforming an HTML Attribute into a JavaScript Object

I'm encountering an issue with converting an HTML-data attribute into a JavaScript Object. Here is my approach: The data Attribute appears as: <a id="stringObj" data-string="{'Foo':'Bar'}">Some A-Tag</a> In JavaScri ...

javascriptjqueryjson

What is the process of integrating Bootstrap into a Node project?

I recently set up a MEAN stack project using npm and am currently including Bootstrap via CDN: link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css') However, I want to add Bootstrap using ...

javascriptnode.jstwitter-bootstrapnpmnpm-install

Could not locate the provider: $stateProvider

It's puzzling to me why this code is not recognizing the $stateProvider. Uncaught Error: [$injector:modulerr] Failed to instantiate module app due to: Error: [$injector:unpr] Unknown provider: $stateProvider This is a simple example of a module: ( ...

javascripthtmlangularjs

Customize the appearance of a shadow-root element

Is there a way to modify the styles of a shadow element? Specifically, is it possible to extend or overwrite certain properties within a CSS class? I am currently using a Chrome extension called Beanote, which has not been updated since April 2017. There i ...

javascriptcssweb-componentshadow-dom

I seem to be having trouble getting innerHTML to function properly

Whenever I attempt to showcase HTML code from a DIV element, the innerHTML function fails to retrieve its contents: <div id="container"> <tr> <td style="background-color: #ffffff;">TEST</td> </tr> </div> ...

javascriptjqueryhtml

Is there a way to begin using the :nth-child() selector from the last element instead of the first?

$('button').click(function(){ $('ul').find('li:nth-child(2)').css('color', '#f00') }) <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> <ul> < ...

javascriptjquery

I have implemented a button in PHP and now I am looking to invoke a function when that button is clicked

I have a PHP-generated HTML button and I'm having trouble calling the mybtn3() function when it is clicked. The button code looks like this: echo"<td width=14% align=center><input type=button value=Export onclick=mybtn3() /></td>"; ...

javascriptphphtml