I want to use AngularJS in a Chrome extension but I have an error like this:

Error: SECURITY_ERR: DOM Exception 18
Error: An attempt was made to break through the security policy of the user agent.
    at new listConnection

manifest.json :

 {
  "name": "Chrome auditor connection",
  "version": "1",
  "icons": { "48": "icone.png",
            "128": "icone.png" },
  "description": "Chrome-auditor-connection is an extension for Google Chrome browser. It ensures that nobody connects to your browser with your profile.",
  "background": {
    "scripts": [
      "chrome_ex_oauthsimple.js",
      "chrome_ex_oauth.js",
      "background.js"
    ]
  },
  "browser_action": {
    "default_title": "Chrome auditor connection",
    "default_icon": "icone.png",
    "default_popup": "index.html"
  },
  "permissions": [
    "storage"
  ],
  "web_accessible_resources": ["index.html"],
  "sandbox": {
     "pages": ["index.html","index.js","angular.min.js"]
  },
  "manifest_version": 2
}

index.js :

function listConnection( $scope) {      
    $scope.connections = JSON.parse(localStorage['connectionHistory']);
}

I think the JSON.parse() is blocked by the Chrome "Content Security Policy" (CSP).

Do you have any solution?

I want to use AngularJS in a Chrome extension but I have an error like this:

Error: SECURITY_ERR: DOM Exception 18
Error: An attempt was made to break through the security policy of the user agent.
    at new listConnection

manifest.json :

 {
  "name": "Chrome auditor connection",
  "version": "1",
  "icons": { "48": "icone.png",
            "128": "icone.png" },
  "description": "Chrome-auditor-connection is an extension for Google Chrome browser. It ensures that nobody connects to your browser with your profile.",
  "background": {
    "scripts": [
      "chrome_ex_oauthsimple.js",
      "chrome_ex_oauth.js",
      "background.js"
    ]
  },
  "browser_action": {
    "default_title": "Chrome auditor connection",
    "default_icon": "icone.png",
    "default_popup": "index.html"
  },
  "permissions": [
    "storage"
  ],
  "web_accessible_resources": ["index.html"],
  "sandbox": {
     "pages": ["index.html","index.js","angular.min.js"]
  },
  "manifest_version": 2
}

index.js :

function listConnection( $scope) {      
    $scope.connections = JSON.parse(localStorage['connectionHistory']);
}

I think the JSON.parse() is blocked by the Chrome "Content Security Policy" (CSP).

Do you have any solution?

• javascript
• google-chrome-extension
• angularjs

Share Improve this question Follow edited Feb 20, 2015 at 3:00 Jonathan Spooner 7,76222 gold badges3838 silver badges4141 bronze badges asked Jan 17, 2013 at 23:28 BaltoxBaltox 18722 silver badges77 bronze badges

Add a ment  | 

3 Answers 3

Sorted by: Reset to default 4

Your index.js is sandboxed as defined in your manifest.json file.
"A sandboxed page will not have access to extension or app APIs"
So it can't access localstorage.
Remove the sandbox or use something like https://github./jamesmortensen/chrome-sandbox-storageAPI for sandboxed pages.

There are two answers for you:

1. Add ng-csp to your <html> tag, like this <html ng-csp ng-app="AngularAppName"> . See this SO answer
2. Add this line to manifest.json file

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self' "

Problems in your code

These are some of problems i see so far with code shared!.

• Your index.html is being used as default_popup, web_accessible_resources and in sandbox Pages . It is functionally incorrect, what is you want to develop?
• Why do you want to put angular.min.js in sandbox location?
• Is index.js used by index.html, if so there is no need to list it explicitly.
• Storage is an object per domain, your localstorage differs from sandbox and other pages.