Using libsodium.js in a browser extension

Question

I am trying to use the libsodium.js library in an extension and so far have only tested in Chrome (currently version 71).

It works perfectly so far in a standard web page context, but when I try to load it in an extension, I get an error. Whether it's loaded as a script, or if I define a page in the manifest with it as the only script and make the script async (literally identical to how it is in the browser page):

<script src="dist/browsers/sodium.js" async></script>

I get only the same error in the extension and not the web page. The error is:

Uncaught (in promise) TypeError: s is not a function

Best I can tell, it seems that there is a promise not resolved yet that contains the function s when the page loads for the extension, but the webpage resolves it properly. Perhaps I'm wrong as it's 8200+ lines of code generated by Emscripten, so it's a bit obtuse to read through. I can't seem to find any answers in the extension documentation or the extensive amount of googling I've done.

Can anyone point me in the right direction to resolve this?

Answer 1

The answer this issue is that extensions have a much more strict content-security policy. They will not allow eval or eval like functions to execute. Apparently, in the webassembly of this library, there is at least one function like this hindering the promise from success.

The solution can be found here:https://developer.chrome.com/extensions/sandboxingEval

It does work sending the message back and forth and the iframe does have access to the library/resulting code from the promise.

I hope this helps someone else too and if this needs editing or clarification, please let me know.