I'm making an extension for firefox/chrome however I'm running into a CSP problem.
Indeed my extension retrieves on a web page an array that contains a
<a href="#" onclick="my_function('1234')">1234</a>
I need this href to call my function with a variable, but I get the following error :
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à inline (« script-src »).
I have put this on my manifest.json
"content_security_policy": "script-src 'self; object-src 'self'",
"content_scripts": [{
"matches": ["<all_urls>"],
"all_frames": true,
"js": ["jquery.min.js", "config.js", "content.js"]
When I put unsafe-inline
, I have this Chrome/Firefox say that unsafe-inline
isn't support
Thank for your help