|
|
|
|
|
|
by qvq
1847 days ago
|
|
|
For a Chrome extension using manifest V2: you can inject "inline" scripts into the DOM and interact with a page's JS regardless of the CSP. For a Chrome extension using manifest v3: you can inject script tags with a src pointing to a local JS file in the extension regardless of the CSP. Modifying the CSP is not a requirement for a Chrome extension to interact with a page's JS. I don't know about other browsers though. |
|
|