How to use eval in Manifest version 3

[askmeoffersglobal]

Hi Team,

Background: We are a coupon codes-based site and we want to launch a chrome extension with manifest version 3.

With our chrome extension, users can apply all coupon codes present in our database on the merchant checkout page with one click of a button and this will not only help the user in savings but saves them time in checking out all the coupon codes manually one by one.

We are in the development progress of our new chrome extension and we need a guide on how to use eval() in manifest version 3.

Pseudo Steps to reproduce :

1. Users will Install our chrome extension
2. User will open the merchant page and as usual make a purchase
3. Our chrome extension will show an option with a list of coupon codes and a button to auto-apply all the codes.
4. User on clicks the button "Apply Coupon Code" all the coupon codes from our database fetched will be checked for the maximum discount on the merchant page.

Example: "suppose the Merchant checkout page is amazon checkout page" and we fetched all the coupon code present in our database as displayed on our front end for amazon USA coupon code

Please guide how to achieve step 4 ( auto apply of coupon codes on the merchant checkout page will be achieved)

As our development team is saying that eval() is not allowed in manifest version 3.

Thank You
Team - Askmeoffers.com

[askmeoffersglobal]

@dotproto @mkruisselbrink @tfleish @mihaip @scheib @beaufortfrancois @mdittmer @avallee @mkruisselbrink @prtksxna @ds-hwang

Please help us so that we can proceed with our development activities.

Sorry for tagging you all as we have no idea who is the right person.

[beaufortfrancois]

@dotproto may be best to answer this question.

[ovesh-dhanga]

We are trying to develop functionality to auto apply coupons at checkout like being done by honey

Since JoinHoney is using Manifest V2, it's working fine.

However, in Manifest V3, Eval seems to be not supported and it shows an error.

Eval is required (and also used by Honey) to execute selectors & events using metadata like https://i.imgur.com/vKobamF.jpeg

Here is the selectors & events required to auto-apply coupon at checkout at https://www.jsonkeeper.com/b/GBBQ and we need to be able to execute this dynamically for each merchant.

This JS code is specific to each merchant and we need to trigger this code to action auto apply coupon as shown in the code screenshot at https://i.imgur.com/vKobamF.jpeg

eval("console.log('testing')");

When we implement it, it shows an error at https://i.imgur.com/tmi9Lyh.png

Gone through https://developer.chrome.com/docs/extensions/mv3/intro/mv3-overview/#remotely-hosted-code and https://developer.chrome.com/docs/extensions/mv3/mv3-migration/#remotely-hosted-code but still no luck as we need to execute selectors and events to be able to automatically apply coupons during the checkout process.

Kindly suggest a fix to overcome this as this issue would affect hundreds of browser extensions including Honey when Manifest V3 is in force.

Feel free to let's know if any more information is needed to understand the issue and offer resolution.

Looking forward to the resolution.

Thank you in advance.

[askmeoffersglobal]

@dotproto Please guide us

@ovesh-dhanga thank you for capturing detailed query document

[askmeoffersglobal]

@dotproto @hatrobotdev @AmySteam @guest271314 @fishoe @fieropheonix6 @Ambushfall @cryswerton
@pkotwicz @kerbalwzy @addyosmani @andreban @beaufortfrancois @Celsius273 @CharyCh @chromatim @dasli @google-ospo-team @google-admin @devnook @dasli @google-ospo-team @googlebot @hashseed @IanStanion-google @jpmedley @karan173 @lsauser @paulirish @PaulKinlan @rachelandrew @rdcronin @AmySteam @guest271314 @fishoe @ieropheonix6 @Ambushfall

Extremely Sorry to tag you all multiple times .

Please any of you guide us how we go head with the issues we are facing as our development is on hold due to this .

Looking for help .

Sorry again

[Ambushfall]

@askmeoffersglobal
Chrome extensions will fully block execution of remote code, as such there has to be a different way for you to integrate this functionality.

In order to execute anything, it'd have to be sandboxed and contained within an iframe.

Why are you fetching selectors?

Are these selectors not usable as a content script?

Do they change often?

[dotproto]

Closing this issue as it appears to be a support request, not a bug or a feature request for the chrome-extension-samples repository. You may want to try asking your question on Stack Overflow or on the chromium-extensions Google Group.

---

The short answer is that extensions cannot execute arbitrary scripts in Manifest V3. This is enforced through both platform changes (namely tighter content security policy rules) and Chrome Web Store policy (Additional Requirements for Manifest V3
. This restriction applies to extension execution contexts (such as the extension's service worker, popup page, and so on) and to the pages that extensions run on.

For general consumer extensions, there are two notable exceptions, but I don't think are appropriate for this use case. First, sandboxed pages can be used to integrate with web services that require arbitrary script execution (for example, login or purchase flows) or to run libraries that require the use of eval (for example, Handlebars). Second, Chrome is currently working with the WECG on user scripts API. This API specifically targets user scripts managers and is not meant as a general purpose way to execute arbitrary script. Non user script managers that attempt to use this API are likely to be rejected at review time.