I’m working on an extension where you need to encrypt or decrypt data. Naturally, I want to make sure that only the scripts from my extension are able to run on the local HTML page, to prevent the possibility to the password field being captured by another script.
I know that on a website, you can use the CSP header to prevent other scripts from running. It is possible to do something similar on a local HTML page within my extension? If so, does anyone have a demo of what the code would look like?
For example, I don’t want the pages of my extension to be accessible to the content-scripts of other extensions because they could potentially grab the text of the password field.