AngularJS html bind and Chome application CSP

Question

I've been developing AngularJS application and trying to make Chrome extension from it.

Application gets feeds from remote server in JSON format and one of values is HTML which is binded by using ngSanitize. Everything is fine until trying to bind it and show it's content as part of Chrome application.

I know that the 'problem' is with CSP which is enforced and there is no way around it (without sandbox and webview, which I guess is out of option).

Making XHR requests for remote resources and marking them as blob is something that is used and proposed by Google, but in this case Angular is doing all HTML parsing and loading it on web page.

My question is if someone had similar problem and/or how this can be dealt with?

Thanks!

EDIT 1. HTML might have img tags for example. This way it is not showing anything but text.

EDIT 2. I came up with the following idea which might do the work.

1. Get HTML text
2. Add directive after problematic tag (img for example)
3. Let the directive get URL from src attribute and make XHR request.
4. After receiving mark it as BLOB and serve it in src attribute.

I don't have that much experience so I'm not able to see any pitfalls with this idea.

Answer 1

You can use background script as a proxy it will be able to do the xhr and return the response by sendResponse.

Doc about extension communication

and don't forget to use this in your template

<html data-ng-app="myApp" data-ng-csp>

It ng-csp will allow to run angular directives

Hope this will respond to your question