Hi there,
I've been using Plasmo for sometime and everything is working correctly but now I'm having a CSP problem:
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
The extension I've created capture clicks in a page, process them and then send it to the target element:
const targetElement = event.target;
const newEvent = new MouseEvent(event.type, {
bubbles: true,
cancelable: true,
view: window,
clientX: event.clientX,
clientY: event.clientY,
screenX: event.screenX,
screenY: event.screenY,
});
targetElement.dispatchEvent(newEvent);
This is where the error occur. It only happens in a few elements and I think this is because the event listener on that page was added inline.
I've tried to add the code above dynamically in the page to see if it would solve the problem but it didn't:
const script = document.createElement('script');
script.src = chrome.runtime.getURL("contents/injectedContent.js");
;(document.head || document.documentElement).appendChild(script);
Does anyone know how to overcome this problem?
Thanks!
0 Replies