Login/Register
Execute javascript in Firefox extension popup
Asked Answered
javascriptfirefoxfirefox-addon-webextensions
S

1

7

I am currently taking my very first steps in extension development. At the moment I'm just trying to display some info in a popup that appears when I hit the button. The problem is that it is dynamic information, that I gather from a JSON-file on the internet. I could not get the data to show up in the pop-up however, and I've narrowed the problem down to the point that it just does not seem to run any Javascript at all...

I have a extremely simple code left:

manifest.json:

    {

  "manifest_version": 2,
  "name": "Test Extention",
  "version": "1.0",

  "description": "",

  "icons": {
    "256": "icon/button.png"
  },
  "permissions": [
    "activeTab",
    "storage"
  ],
  "browser_action": {
    "default_icon": {
      "200": "icon/button.png"
    },
    "default_title": "Test Extention",
    "default_popup": "popup/popup.html"
  }
}

popup/popup.html:

<html>
    <head>
        <meta charset="utf-8">
        <style>
        html,body{width:300px}
        </style>
    </head>
    <body>
        <div id="container"></div>
        <script>
        document.getElementById('container').innerHTML = 'testing';
        </script>
    </body>
</html>

When I run the html-file directly in firefox, it displays "testing" as expected. When I run the extension however, I get a empty pop-up when clicking the new button.

I have also tried putting the js-code in a function, and calling that with a button, to see if it needed some time before js-code can be run, but that does not work either.

I am sure it is something extremely simple I'm missing, but I cannot find anything on this...

Substructure answered 6/1, 2018 at 18:28 Comment(3)
check the console of the addon debugger (about:debugging) or the browser console (ctrl+shift+j).Fit
@Fit Thanks for the tip, I did not know the console in about:debugging. When I open the pop-up it creates a error: Content Security Policy: De instellingen van de pagina blokkeerden het laden van een bron op self (‘script-src moz-extension://b777829c-c282-42fd-829c-10b9c5e9332e’). Source: document.getElementById('container')..... It is in Dutch, but translates roughly to: Content Security Policy: the page settings blocked the loadingof a source on selfSubstructure
After searching on this error-message, I discovered that it is not possible to use js-code in the html-file itself. I have moved the code to its own js-file, and included it with <script src="..."></script>. This time, the text "testing" did appear. I'm going to try the next step, and get the data to be fetchd from an online json.Substructure
I
10

WebExtension APIs have a Content Security Policy applied to them by default. So it can't execute inline javascript code in popup HTML files.

Not only:

<script>
    document.getElementById('container').innerHTML = 'testing';
</script>

But also:

<button onclick="alert('hello')">Hello</button>

If you touched this rule, you can get some error message in Browser Toolbox and Add-on Debugger.

So, for fix this, use <script src="..."></script> rather than <script>...</script>.

Or, maybe set Unsafe inline script to content_security_policy key in manifest.json can fix this too. But MDN tells me:

Note: Valid examples display the correct use of keys in CSP. However, extensions with 'unsafe-eval', 'unsafe-inline', remote script, blob, or remote sources in their CSP are not allowed for extensions listed on addons.mozilla.org due to major security issues.

in this page. It seems that not good way.

Indult answered 15/1, 2018 at 5:25 Comment(1)
Combining your answer (using the <script src="..."></script> syntax) and another one enabling me to listen to a submit event in JavaScript, I was able to execute code when clicking a submit button linked to a form, without touching the content security policy of the extension. Thanks!Angieangil

© 2022 - 2024 — McMap. All rights reserved.