Instead of innerHTML, you can manually create DOM nodes and use innerText to insert dynamic content.

Beware external content

In general, if you’re generating dynamic content based on data from outside of your extension (such as something you fetched from the network, something you parsed from a page, or a message you received from another extension, etc.), you should be extremely careful about how you use it. If you use this data to generate content within your extension, you might be opening your users up to increased risk.

You can also read a few more examples of the issues discussed here in our extension docs. We hope these recommendations help you create better and safer extensions for everyone.

Posted by Erik Kay, Software Engineer ","\n Google\n ","\nChrome Extensions: Now with more powerful scripts and improved proxy management.\n","\nWednesday, July 13, 2011\n","sample extension","background page","chrome.extension.onRequest","rewrite the extension","GM_xmlhttpRequest","Book Burro","match patterns","matches","exclude_matches","@run-at","a script","Proxy Extension API","ProxyRules","Proxy Anywhere","Proxy SwitchyPlus","Posted by Tessa MacDuff and Mihai Parparita, Software Engineers ","\n\nLabels:\n\n\n\nextensions\n\n\n","\nUsing Cross-domain images in WebGL and Chrome 13\n","\nWednesday, July 6, 2011\n","security issue","shaders could be used","updated","CORS","CORS support",".crossOrigin","var img = document.createElement('img');
img.onload = function(e) { … };
img.crossOrigin = ''; // no credentials flag. Same as img.crossOrigin='anonymous'
img.src = 'http://other-domain.com/image.jpg';","ctx.drawImage()","origin-clean flag","ctx.toDataURL()","ctx.getImageData()","var img = document.createElement('img');
img.onload = function(e) {
ctx.drawImage(img, 0, 0, canvas.width, canvas.height);
var url = canvas.toDataURL(); // Read succeeds, canvas won't be dirty.
};
img.crossOrigin = '';

img.src = 'http://other-domain.com/image.jpg';","use of CORS","Chrome dev channel","Posted by Eric Bidelman, Developer Advocate ","\n\nLabels:\n\n\n\nwebgl\n\n\n","\n\n\n \n \n\n\n\n\n \n \n\n\n\n\n\n \n \n\n\n","\nLabels\n","\n \n ","\n\n$200K\n\n\n1\n\n","\n\n10th birthday\n\n\n4\n\n","\n\nabusive ads\n\n\n1\n\n","\n\nabusive notifications\n\n\n2\n\n","\n\naccessibility\n\n\n3\n\n","\n\nad blockers\n\n\n1\n\n","\n\nad blocking\n\n\n2\n\n","\n\nadvanced capabilities\n\n\n1\n\n","\n\nandroid\n\n\n2\n\n","\n\nanti abuse\n\n\n1\n\n","\n\nanti-deception\n\n\n1\n\n","\n\nbackground periodic sync\n\n\n1\n\n","\n\nbadging\n\n\n1\n\n","\n\nbenchmarks\n\n\n1\n\n","\n\nbeta\n\n\n83\n\n","\n\nbetter ads standards\n\n\n1\n\n","\n\nbilling\n\n\n1\n\n","\n\nbirthday\n\n\n4\n\n","\n\nblink\n\n\n2\n\n","\n\nbrowser\n\n\n2\n\n","\n\nbrowser interoperability\n\n\n1\n\n","\n\nbundles\n\n\n1\n\n","\n\ncapabilities\n\n\n6\n\n","\n\ncapable web\n\n\n1\n\n","\n\ncds\n\n\n1\n\n","\n\ncds18\n\n\n2\n\n","\n\ncds2018\n\n\n1\n\n","\n\nchrome\n\n\n35\n\n","\n\nchrome 81\n\n\n1\n\n","\n\nchrome 83\n\n\n2\n\n","\n\nchrome 84\n\n\n2\n\n","\n\nchrome ads\n\n\n1\n\n","\n\nchrome apps\n\n\n5\n\n","\n\nChrome dev\n\n\n1\n\n","\n\nchrome dev summit\n\n\n1\n\n","\n\nchrome dev summit 2018\n\n\n1\n\n","\n\nchrome dev summit 2019\n\n\n1\n\n","\n\nchrome developer\n\n\n1\n\n","\n\nChrome Developer Center\n\n\n1\n\n","\n\nchrome developer summit\n\n\n1\n\n","\n\nchrome devtools\n\n\n1\n\n","\n\nChrome extension\n\n\n1\n\n","\n\nchrome extensions\n\n\n3\n\n","\n\nChrome Frame\n\n\n1\n\n","\n\nChrome lite\n\n\n1\n\n","\n\nChrome on Android\n\n\n2\n\n","\n\nchrome on ios\n\n\n1\n\n","\n\nChrome on Mac\n\n\n1\n\n","\n\nChrome OS\n\n\n1\n\n","\n\nchrome privacy\n\n\n4\n\n","\n\nchrome releases\n\n\n1\n\n","\n\nchrome security\n\n\n10\n\n","\n\nchrome web store\n\n\n32\n\n","\n\nchromedevtools\n\n\n1\n\n","\n\nchromeframe\n\n\n3\n\n","\n\nchromeos\n\n\n4\n\n","\n\nchromeos.dev\n\n\n1\n\n","\n\nchromium\n\n\n9\n\n","\n\ncloud print\n\n\n1\n\n","\n\ncoalition\n\n\n1\n\n","\n\ncoalition for better ads\n\n\n1\n\n","\n\ncontact picker\n\n\n1\n\n","\n\ncontent indexing\n\n\n1\n\n","\n\ncookies\n\n\n1\n\n","\n\ncore web vitals\n\n\n2\n\n","\n\ncsrf\n\n\n1\n\n","\n\ncss\n\n\n1\n\n","\n\ncumulative layout shift\n\n\n1\n\n","\n\ncustom tabs\n\n\n1\n\n","\n\ndart\n\n\n8\n\n","\n\ndashboard\n\n\n1\n\n","\n\nData Saver\n\n\n3\n\n","\n\nData saver desktop extension\n\n\n1\n\n","\n\nday 2\n\n\n1\n\n","\n\ndeceptive installation\n\n\n1\n\n","\n\ndeclarative net request api\n\n\n1\n\n","\n\ndesign\n\n\n2\n\n","\n\ndeveloper dashboard\n\n\n1\n\n","\n\nDeveloper Program Policy\n\n\n2\n\n","\n\ndeveloper website\n\n\n1\n\n","\n\ndevtools\n\n\n13\n\n","\n\ndigital event\n\n\n1\n\n","\n\ndiscoverability\n\n\n1\n\n","\n\nDNS-over-HTTPS\n\n\n4\n\n","\n\nDoH\n\n\n4\n\n","\n\nemoji\n\n\n1\n\n","\n\nemscriptem\n\n\n1\n\n","\n\nenterprise\n\n\n1\n\n","\n\nextensions\n\n\n27\n\n","\n\nFast badging\n\n\n1\n\n","\n\nfaster web\n\n\n1\n\n","\n\nfeatures\n\n\n1\n\n","\n\nfeedback\n\n\n2\n\n","\n\nfield data\n\n\n1\n\n","\n\nfirst input delay\n\n\n1\n\n","\n\nFollow\n\n\n1\n\n","\n\nfonts\n\n\n1\n\n","\n\nform controls\n\n\n1\n\n","\n\nframeworks\n\n\n1\n\n","\n\nfugu\n\n\n2\n\n","\n\nfund\n\n\n1\n\n","\n\nfunding\n\n\n1\n\n","\n\ngdd\n\n\n1\n\n","\n\ngoogle earth\n\n\n1\n\n","\n\ngoogle event\n\n\n1\n\n","\n\ngoogle io 2019\n\n\n1\n\n","\n\ngoogle web developer\n\n\n1\n\n","\n\ngooglechrome\n\n\n12\n\n","\n\nharmful ads\n\n\n1\n\n","\n\nhtml5\n\n\n11\n\n","\n\nHTTP/3\n\n\n1\n\n","\n\nHTTPS\n\n\n4\n\n","\n\niframes\n\n\n1\n\n","\n\nimages\n\n\n1\n\n","\n\nincognito\n\n\n1\n\n","\n\ninsecure forms\n\n\n1\n\n","\n\nintent to explain\n\n\n1\n\n","\n\nios\n\n\n1\n\n","\n\nios Chrome\n\n\n1\n\n","\n\nissue tracker\n\n\n3\n\n","\n\njank\n\n\n1\n\n","\n\njavascript\n\n\n5\n\n","\n\nlab data\n\n\n1\n\n","\n\nlabelling\n\n\n1\n\n","\n\nlargest contentful paint\n\n\n1\n\n","\n\nlaunch\n\n\n1\n\n","\n\nlazy-loading\n\n\n1\n\n","\n\nlighthouse\n\n\n2\n\n","\n\nlinux\n\n\n2\n\n","\n\nLite Mode\n\n\n2\n\n","\n\nLite pages\n\n\n1\n\n","\n\nloading interventions\n\n\n1\n\n","\n\nloading optimizations\n\n\n1\n\n","\n\nlock icon\n\n\n1\n\n","\n\nlong-tail\n\n\n1\n\n","\n\nmac\n\n\n1\n\n","\n\nmanifest v3\n\n\n2\n\n","\n\nmetrics\n\n\n2\n\n","\n\nmicrosoft edge\n\n\n1\n\n","\n\nmixed forms\n\n\n1\n\n","\n\nmobile\n\n\n2\n\n","\n\nna\n\n\n1\n\n","\n\nnative client\n\n\n8\n\n","\n\nnative file system\n\n\n1\n\n","\n\nNew Features\n\n\n5\n\n","\n\nnotifications\n\n\n1\n\n","\n\noctane\n\n\n1\n\n","\n\nopen web\n\n\n4\n\n","\n\norigin trials\n\n\n2\n\n","\n\npagespeed insights\n\n\n1\n\n","\n\npagespeedinsights\n\n\n1\n\n","\n\npasswords\n\n\n1\n\n","\n\npayment handler\n\n\n1\n\n","\n\npayment request\n\n\n1\n\n","\n\npayments\n\n\n2\n\n","\n\nperformance\n\n\n20\n\n","\n\nperformance tools\n\n\n1\n\n","\n\npermission UI\n\n\n1\n\n","\n\npermissions\n\n\n1\n\n","\n\nplay store\n\n\n1\n\n","\n\nportals\n\n\n3\n\n","\n\nprefetching\n\n\n1\n\n","\n\nprivacy\n\n\n2\n\n","\n\nprivacy sandbox\n\n\n4\n\n","\n\nprivate prefetch proxy\n\n\n1\n\n","\n\nprofile guided optimization\n\n\n1\n\n","\n\nprogressive web apps\n\n\n2\n\n","\n\nProject Strobe\n\n\n1\n\n","\n\nprotection\n\n\n1\n\n","\n\npwa\n\n\n1\n\n","\n\nQUIC\n\n\n1\n\n","\n\nquieter permissions\n\n\n1\n\n","\n\nreleases\n\n\n3\n\n","\n\nremovals\n\n\n1\n\n","\n\nrlz\n\n\n1\n\n","\n\nroot program\n\n\n1\n\n","\n\nsafe browsing\n\n\n2\n\n","\n\nSecure DNS\n\n\n2\n\n","\n\nsecurity\n\n\n36\n\n","\n\nsite isolation\n\n\n1\n\n","\n\nslow loading\n\n\n1\n\n","\n\nsms receiver\n\n\n1\n\n","\n\nspam policy\n\n\n1\n\n","\n\nspdy\n\n\n2\n\n","\n\nspectre\n\n\n1\n\n","\n\nspeed\n\n\n4\n\n","\n\nssl\n\n\n2\n\n","\n\nstore listing\n\n\n1\n\n","\n\nstrobe\n\n\n2\n\n","\n\nsubscription pages\n\n\n1\n\n","\n\nsuspicious site reporter extension\n\n\n1\n\n","\n\nTCP\n\n\n1\n\n","\n\nthe fast and the curious\n\n\n23\n\n","\n\nTLS\n\n\n1\n\n","\n\ntools\n\n\n1\n\n","\n\ntracing\n\n\n1\n\n","\n\ntransparency\n\n\n1\n\n","\n\ntrusted web activities\n\n\n1\n\n","\n\ntwa\n\n\n2\n\n","\n\nuser agent string\n\n\n1\n\n","\n\nuser data policy\n\n\n1\n\n","\n\nv8\n\n\n6\n\n","\n\nvideo\n\n\n2\n\n","\n\nwasm\n\n\n1\n\n","\n\nweb\n\n\n1\n\n","\n\nweb apps\n\n\n1\n\n","\n\nweb assembly\n\n\n2\n\n","\n\nweb developers\n\n\n1\n\n","\n\nweb intents\n\n\n1\n\n","\n\nweb packaging\n\n\n1\n\n","\n\nweb payments\n\n\n1\n\n","\n\nweb platform\n\n\n1\n\n","\n\nweb request api\n\n\n1\n\n","\n\nweb vitals\n\n\n1\n\n","\n\nweb.dev\n\n\n1\n\n","\n\nweb.dev live\n\n\n1\n\n","\n\nwebapi\n\n\n1\n\n","\n\nwebassembly\n\n\n1\n\n","\n\nwebaudio\n\n\n3\n\n","\n\nwebgl\n\n\n7\n\n","\n\nwebkit\n\n\n5\n\n","\n\nWebM\n\n\n1\n\n","\n\nwebmaster\n\n\n1\n\n","\n\nwebp\n\n\n5\n\n","\n\nwebrtc\n\n\n6\n\n","\n\nwebsockets\n\n\n5\n\n","\n\nwebtiming\n\n\n1\n\n","\n\nwritable-files\n\n\n1\n\n","\n\nyerba beuna center for the arts\n\n\n1\n\n","\n \n ","\nArchive\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2024\n\n","\nJun\n","\nMay\n","\nApr\n","\nMar\n","\nFeb\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2023\n\n","\nNov\n","\nOct\n","\nSep\n","\nAug\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2022\n\n","\nDec\n","\nJan\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2021\n\n","\nJul\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2020\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2019\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2018\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2017\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2016\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2015\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2014\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2013\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2012\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2011\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2010\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2009\n\n","\n\n\n \n \n\n\n\n\n \n \n  \n \n\n\n\n2008\n\n","Feed","Follow @ChromiumDev","\nGive us feedback in our Product Forums.\n","\n Google\n ","\n Privacy\n ","\n Terms\n "]}