该扩展名不起作用,因为它显示以下内容:
拒绝执行内联事件处理程序,因为它违反了以下内容安全策略指令:“ script-src'self'blob:filesystem:”。要启用内联执行,需要使用'unsafe-inline'关键字,哈希('sha256 -...')或随机数('nonce -...')。
我尝试删除所有内联js,但是它将body标记作为内联脚本。
html:
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body onload="load()">
<h1>
BACKGROUND OPTIONS
</h1>
<input type = "text" id = "text" value = "" />
<br>
<button id="save"">
SAVE
</button>
<br>
<h1>
I MAGE:
</h1>
<img id="imgid">
</body>
</html>
<script src="options.js"></script>
</body>
</html>
json:
{
"manifest_version": 2,
"name": "My Extension",
"version": "3",
"options_page": "options.html",
"content_security_policy": "script-src 'self' 'unsafe-eval' ; object-src 'self'",
"permissions": [
"topSites",
"chrome://favicon/",
"unlimitedStorage",
"topSites",
"identity",
"http://*/",
"https://*/",
"alarms",
"tabs",
"activeTab",
"management",
"storage",
"webNavigation",
"webRequest",
"webRequestBlocking",
"cookies",
"contextMenus",
"notifications",
"background"
],
"chrome_url_overrides" : {
"newtab": "page.html"
}
}
js:
document.getElementById("save").onclick = function(){
var select = document.getElementById("text");
var text = select.value;
localStorage["text"] = text;
var image = document.getElementById("imgid");
image.src = text;
}
function load() {
var load = document.getElementById("text");
load.value = localStorage["text"];
document.body.style.background = localStorage["text"];
var image = document.getElementById("imgid");
image.src = localStorage["text"];
}