Use eval() in a Chrome chrome-extension:// page -


i know may me being stupid, in chrome tab has page loaded url begins chrome-extension://, can scripts online or use eval();? know browser or page actin oopups or app windows can't use it. part of extension opens normal new tab page uses eval();.

all pages running @ chrome-extension:// origin subject default content security policy described here, specifically:

script-src 'self'; object-src 'self'

a popup considered such page, too, invisible background page. if open file extension, subject too.

you can either:

  • relax (or tighten) default policy pages manifest:

    "content_security_policy": "[policy string goes here]"

    this way can allow eval , friends adding 'unsafe-eval' script-src.

    you can allow loading external scripts adding origin policy; however, https origins allowed mitm protection reasons.

    however, it's important remember 'unsafe-inline' ignored regardless of custom policy.

  • relax (or tighten) default policy specific page declaring sandboxed.

    "sandbox": {   "pages": [     "page1.html",     "directory/page2.html"   ]   // content_security_policy optional.   "content_security_policy":       "sandbox allow-scripts; script-src https://www.google.com" ],

    sandboxed csp can more permissive, still there couple of restrictions.

    the price of sandboxing losing access chrome api. sandboxed script has communicate via dom messages privileged pages privileged things.

    there's guide in documentation, "using eval in chrome extensions. safely."

for apps, situation bit different. again, default (and more restrictive) csp applies, you cannot modify in manifest.

sandboxing approach still works, though.


-

Popular posts from this blog

c# - ODP.NET Oracle.ManagedDataAccess causes ORA-12537 network session end of file -

overview i want replace oracle.dataaccess orcale. managed dataaccess, opening connection latter throws ora-12537 network session end of file exception. exception message / stack trace {oracleinternal.network.networkexception (0x000030f9): ora-12537 : netzwerksession: dateiende @ oracleinternal.network.readerstream.read(orabuf ob) @ oracleinternal.ttc.orabufreader.getdatafromnetwork() @ oracleinternal.ttc.orabufreader.read(boolean bignoredata) @ oracleinternal.ttc.marshallingengine.unmarshalub1(boolean bignoredata) @ oracleinternal.ttc.ttcprotocolnegotiation.readresponse()} i trying connect oracle 11g database , not have client installed on local machine. working test application (unmanaged) using oracle.dataaccess works fine . using system; using oracle.dataaccess.client; namespace app.odp.unmanaged { internal class program { private static void main(string[] args) { //dummy connection string
Read more

matlab - Compression and Decompression of ECG Signal using HUFFMAN ALGORITHM -

i want compress , decompress ecg signal stored text message text file , find out file size, cr,prd ratio,and qs. here code compression , decompression of ecg signal using huffman algorithm. i'm trying find out file size, compression ratio,prd ratio,qs. but error i'm getting the ecg file in text format. %clearing variables , screen enter code here clear all; close all; clc; [file1]=uigetfile('*.txt'); %fprintf('enter ecg file name :%s',file1); p=file1; t=sprintf('%s',p); b1=dlmread([file1]); len=length(b1); lead=input('enter lead number :'); %lead=str2double(lead); col2=b1(1:end,lead); e=fix(sqrt(len)); m=1; i=1:e j=1:e g2(i,j)=fix(col2(m)*1000); %amplifying 1000 m=m+1; end end g3=g2; i=1:e j=1:e
Read more

utf 8 - split utf-8 string into bytes in python -

i trying split utf-8 string bytes in python 3. problem is, when use bytearray, byte, encode etc functions array size of element 14 bytes, not 1 byte expected. need split text file sequence of bytes , send them byte after byte using sockets. tried this: infile = open (file, "r") str = infile.read() byte_str = bytes(str, 'utf-8') print("size of byte_str",sys.getsizeof(byte_str[0])) print gives me 14, need 1... suggestion? quoting official documentation : sys.getsizeof(object[, default]) return size of object in bytes. object can type of object. built-in objects return correct results, not have hold true third-party extensions implementation specific. only memory consumption directly attributed object accounted for, not memory consumption of objects refers to. if given, default returned if object not provide means retrieve size. otherwise typeerror raised. getsizeof() calls object’s __sizeof__ method , adds
Read more