How to install script -src in a Chrome batch application?

Question

How to install script -src in a Chrome batch application?

I am trying to create a Chrome batch application from a complex web application. I am currently getting the error message:

The built-in event handler was denied execution because it violates the directive of the content security policy: "default-src" self 'chrome-extension-resource: ". Note that' script -src 'was not explicitly set, therefore' default-src 'used as a reserve.

How do I explicitly set a policy in my manifest.json? I tried things like:

"content_security_policy": "default-src 'inline'; script-src 'inline'"

but I still get the same error message. Is my syntax incorrect or a red herring error?

+7

google-chrome-app

Ellen spertus May 18, '13 at 14:49

source share

3 answers

I had the same problem and, reading this document , I found the following:

 "sandbox": { "pages": ["sandboxed.html"] }

+1

Mcgege Jan 19 '15 at 6:37

source share

Take a look at this link, it pointed me in the right direction.

Access to web resources through http://developer.chrome.com/

0

TheRealJAG Oct 17 '13 at 22:24

source share

sowbug · Accepted Answer · 2013-05-18T21:55:51+0000

You cannot weaken the default CSP in a packaged application. If you are doing something like <button id="foo" onclick="doSomething()"> then you should instead add a separate JS file in HTML, where you execute document.querySelector("#foo").onclick = doSomething; in the onload handler. This will comply with CSP and make your application more resistant to XSS attacks.

How to install script -src in a Chrome batch application?

More articles: