How To Inject Inline JavaScript And Script Src Link Into Any Website - Chrome Extension Manifest V3
This video is about Chrome extension development and JavaScript injection. In this tutorial video, I will teach you how to inject inline JavaScript code and external JavaScript files into any website using a Manifest V3 Chrome extension. I will also check and solve two errors related to Content Security Policy (CSP): these are `Refused to execute inline script` and `Refused to load the script`. I will show you the CSP differences between Manifest V2 and Manifest V3. In general, JavaScript injection can be used for two purposes. These are correct usage and malicious usage. I created a table that summarizes the differences between the correct and malicious usage of JavaScript injection. The correct usage of JavaScript injection is to use it to enhance the functionality of a website or web application. When used correctly, JavaScript injection can be a powerful tool for enhancing the functionality of a website or web application. However, it is important to use it safely and securely to prevent attackers from exploiting it for malicious purposes. The malicious usage of JavaScript injection is to inject malicious code into a website's JavaScript code with the intent of harming the website or its users. Malicious JavaScript injection attacks can be very dangerous, and they can have a significant impact on a website's security. Cross-site scripting (XSS): Is the most common type of JavaScript injection attack. It occurs when an attacker injects malicious code into a website's input fields, such as comment boxes or search forms. When a victim visits the website and enters data into the affected field, the malicious code is executed in the victim's browser.
------------------------------------------
▶ TABLE OF CONTENTS
------------------------------------------
0:00 Introduction
0:54 The Types Of JavaScript Injection
2:30 `manifest.json` File Explanation
2:41 Chrome Extension allFrames "all_frames" Explanation
3:14 Chrome Extension RunAt "run_at" Explanation
3:43 `injector.js` File Explanation
3:54 Inline & External JavaScript Injection Functions
4:26 JavaScript Injection Process Examples
5:32 Run Google Chrome Extension
6:05 `Refused to execute inline script` & `Refused to load the script` Errors
6:30 Why This Error Occurs?
6:40 Chrome Extension Execution World "ISOLATED" & "MAIN"
7:15 Chrome Extension Content Security Policy (CSP)
7:44 Chrome Extension Manifest V2 CSP vs Manifest V3 CSP
8:15 Solution | How To Fix Errors?
8:25 Usage With `manifest.json`
8:38 Usage With `executeScript`
8:43 Usage With `registerContentScripts`
8:48 Set "MAIN" Extension Execution World Using `manifest.json`
9:22 Checking JavaScript Injection
9:28 Errors Solved!
10:53 Anonymous Mask!
--------------------------------
👨💻 SOURCE CODE
--------------------------------
https://github.com/saeedkohansal/Inje...
--------------------------------
🔗 USEFUL LINKS
--------------------------------
A Stack Overflow excellent answer (Great thanks to Rob W and wOxxOm)
https://stackoverflow.com/questions/9...
Manifest - Content Security Policy
https://developer.mozilla.org/en-US/d...
Manifest - Content Security Policy
https://developer.chrome.com/docs/ext...
Content scripts
https://developer.chrome.com/docs/ext...
Content scripts - Run time
https://developer.chrome.com/docs/ext...
Content scripts - Specify frames
https://developer.chrome.com/docs/ext...
Content scripts - Inject scripts
https://developer.chrome.com/docs/ext...
Content scripts - Work in isolated worlds
https://developer.chrome.com/docs/ext...
chrome.extensionTypes - RunAt
https://developer.chrome.com/docs/ext...
chrome.extensionTypes - InjectDetails
https://developer.chrome.com/docs/ext...
chrome.scripting
https://developer.chrome.com/docs/ext...
chrome.scripting.executeScript
https://developer.chrome.com/docs/ext...
chrome.scripting.registerContentScripts
https://developer.chrome.com/docs/ext...
chrome.scripting.ExecutionWorld
https://developer.chrome.com/docs/ext...
chrome.scripting.ExecutionWorld
https://developer.mozilla.org/en-US/d...
#chromeextensions #javascript #extensiondevelopment #javascriptinjection #injectjavascript #js #programming #webdevelopment #gilgeekify
