1.Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ chrome-extension-resource:”.

从Chrome Extenstion V2开始,不允许执行任何inline javascript代码(也就是html内的任何js代码都不允许执行)
尤其是onclick=”xxx()”这种写法,是不可取的。需要用eventListener或者类似的东西来为元素绑定事件的监听。
后来将所有页面内代码移出,打包成.js文件,然后采用外链js文件的方式,问题迎刃而解。
REF:http://coolgod.me/?p=241


Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Uncaught SecurityError: An attempt was made to break through the security policy of the user agent.

canvas跨域问题,类似AJAX跨域