save file

javascript-2020 · javascript-2020 · commit 0d339c31d404 · 2025-12-04T17:08:37.000Z
diff --git a/blog/25-12-04/bypass-csp/bypass-csp.html b/blog/25-12-04/bypass-csp/bypass-csp.html
@@ -222,11 +222,69 @@ <h1 class=title style='position:absolute;left:0;right:0;margin:auto;top:-10px'>
 
 
             <h3 class=blog-hdr>
-                  ipc socket servers
+                  Manidest v2
             </h3>
             
-
-
+            <section class=blog-text>
+                  so right off the bat, manifest v2 is capable of removing the contest-security-policy on a web request<br>
+                  <br>
+                  firefox still ( currently, at the time of writing ) supports manifest v2, it has the bindings for manifest v3 but
+                  they are just stubs that do nothing<br>
+                  <br>
+                  chromium and hence google chrome, edge, brave, opera and any of the myriad of browsers that are based on chromium do
+                  not support manifest v2<br>
+                  <br>
+                  google's official stance on manifest v3 changes<br>
+                  <br>
+                  To prevent extensions from weakening site security. Allowing CSP removal would undermine protections against XSS and remote code injection.<br>
+                  <br>
+                  <a href='https://developer.chrome.com/docs/extensions/migrating/improve-security/'>
+                        Improve extension security
+                        <span class=link-domain>
+                              developer.chrome.com
+                        </span>
+                  </a>
+                  <br>
+                  for those who wish to develop using the old manifest v2, previous versions of chromium can be downloaded from<br>
+                  <a href='https://www.chromium.org/getting-involved/download-chromium/#downloading-old-builds-of-chrome-chromium'>
+                        Downloading old builds of Chrome / Chromium
+                        <span class=link-domain>
+                              chromium.org
+                        </span>
+                  </a>
+                  <br>
+                  manifest V3 is supported generally in Chrome 88 ( January 19th, 2021 ) or later.<br>
+                  <br>
+            </section>
+            
+            
+            <section class=blog-text>
+                  <h3 class=blog-hdr>
+                        Firefox Manifest v2 Extension Remove CSP
+                  </h3>
+                  
+                  <img src='ext/firefox/cubes.png'>
+                  
+                  <snippet-editor src='ext/firefox/manifest.json' mode=json fullsize component></snippet-editor>
+
+                  <snippet-editor src='ext/firefox/extension.js' mode=js fullsize component></snippet-editor>
+            </section>
+            
+            
+            <section class=blog-text>
+                  <h3 class=bog-hdr>
+                        Google Chrome v3 Extension Remove CSP ( doesn't work )
+                  </h3>
+                  
+                  <img src='ext/chrome/cubes.png'>
+                  
+                  <snippet-editor src='ext/chrome/manifest.json' mode=json fullsize component></snippet-editor>
+                  
+                  <snippet-editor src='ext/chrome/extension.js' mode=js fullsize component></snippet-editor>
+            </section>
+                  
+                  
+                  
 
             
             <log-mod component></log-mod>
