myfeing

Reputation: 11

How to run unsafe-inline in a web page, not in a Chrome extension page

The web page code is here:

    <a id="pagerBottomNew_nextButton" title="下一页" class="Search_page-cut" href="javascript:__doPostBack('pagerBottomNew$nextButton','')"><i class="Common_icon Common_icon_caret_right_large"></i></a>

My content page code is here:

    let event = new MouseEvent("click", { "bubbles": true, "cancelable": true });
    let ele = document.querySelector(request.args.target);
    if (ele != null) ele.dispatchEvent(event);
    sendResponse({ type: 'done' });

When executing the

    ele.dispatchEvent(event);

Chrome reports the message:

Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

The web page is from a commercial web site. How can I simulate the click event without breaking the CSP?

Upvotes: 1

Views: 2027

Answers (2)

Mr. J

Reputation: 1839

LeonTM's answer is literally correct, but you should not do this (unless you really know what you are doing) as enabling 'unsafe-inline' will allow injection attacks.

I'd recommend that people read this article before enabling this.

Upvotes: 0

LeonTM

Reputation: 11

To fix your problem, use this:

    "content_security_policy": {
        "extension_pages": "default-src 'self'; style-src 'self' 'unsafe-inline'"
    }

The "style-src" part might not be needed, but it's helpful. For more information, read here.

Upvotes: 0
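
An added example, not part of any post above and not the site's own code: one way to trigger the question's `__doPostBack` link from a content script without executing the `javascript:` URL, so the `script-src` policy stays as strict as it is. It assumes the page is ASP.NET WebForms with the usual hidden `__EVENTTARGET` and `__EVENTARGUMENT` inputs; the function names are hypothetical.

```javascript
// Added example. Assumption: the page is ASP.NET WebForms, where
// __doPostBack(target, argument) fills two hidden inputs and submits the form.
// Function names here are hypothetical.

// Read href="javascript:__doPostBack('target','argument')" as data; nothing is evaluated.
function parsePostBackHref(href) {
  const m = /^javascript:\s*__doPostBack\(\s*'([^'\\]*)'\s*,\s*'([^'\\]*)'\s*\)\s*;?\s*$/
    .exec(href || "");
  return m ? { target: m[1], argument: m[2] } : null; // null: shape not recognised
}

// Content-script replacement for ele.dispatchEvent(event). `doc` is `document`.
function clickWithoutInlineScript(doc, selector) {
  const ele = doc.querySelector(selector);
  if (ele == null) return "not-found";
  const href = ele.getAttribute("href") || "";
  if (!/^\s*javascript:/i.test(href)) {
    // Ordinary link or button: a synthetic click never reaches a javascript: URL.
    ele.dispatchEvent(new MouseEvent("click", { bubbles: true, cancelable: true }));
    return "clicked";
  }
  const postBack = parsePostBackHref(href);
  const targetField = doc.querySelector('input[name="__EVENTTARGET"]');
  const argField = doc.querySelector('input[name="__EVENTARGUMENT"]');
  if (!postBack || !targetField || !argField || !targetField.form) {
    return "unsupported"; // unknown javascript: URL: do nothing rather than relax CSP
  }
  // Same effect as the page's handler, done through the DOM the content script
  // already shares with the page, so no inline script has to run.
  targetField.value = postBack.target;
  argField.value = postBack.argument;
  targetField.form.submit();
  return "submitted";
}
```

In the message listener this would be called as `sendResponse({ type: clickWithoutInlineScript(document, request.args.target) })`.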
