Browse Source

fix: use default CSP

Gerald 8 years ago
parent
commit
12bbd191d6
3 changed files with 4 additions and 4 deletions
  1. 1 0
      scripts/webpack.conf.js
  2. 2 2
      src/injected.js
  3. 1 2
      src/manifest.json

+ 1 - 0
scripts/webpack.conf.js

@@ -74,6 +74,7 @@ targets.push(Object.assign({}, base, {
     // split vendor js into its own file
     new webpack.optimize.CommonsChunkPlugin({
       name: 'vendor',
+      minChunks: 2,
     }),
     new HtmlWebpackPlugin({
       filename: 'background/index.html',

+ 2 - 2
src/injected.js

@@ -691,7 +691,7 @@
       AddStyle(css) {
         if (document.head) {
           const style = document.createElement('style');
-          style.innerHTML = css;
+          style.textContent = css;
           document.head.appendChild(style);
         }
       },
@@ -784,7 +784,7 @@
   function inject(code) {
     const script = document.createElement('script');
     const doc = document.body || document.documentElement;
-    script.innerHTML = code;
+    script.textContent = code;
     doc.appendChild(script);
     try {
       doc.removeChild(script);

+ 1 - 2
src/manifest.json

@@ -42,6 +42,5 @@
     "webRequest",
     "webRequestBlocking",
     "notifications"
-  ],
-  "content_security_policy": "script-src 'self'; object-src 'self'"
+  ]
 }