From 2c870ff7d34562af356e91bd6a0e9b7d27657735 Mon Sep 17 00:00:00 2001 From: Rin Date: Thu, 8 Jan 2026 13:11:18 +0700 Subject: [PATCH 1/2] security: restrict content script matches to specific domain instead of --- functional-samples/sample.favicon-cs/manifest.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/functional-samples/sample.favicon-cs/manifest.json b/functional-samples/sample.favicon-cs/manifest.json index 0f5a482559..b5a8d763c8 100644 --- a/functional-samples/sample.favicon-cs/manifest.json +++ b/functional-samples/sample.favicon-cs/manifest.json @@ -1,11 +1,11 @@ { "name": "Favicon API in content scripts", "version": "1.1", - "description": "Demonstrates fetching the favicon from www.google.com and inserting it at the top left of every page.", + "description": "Demonstrates fetching the favicon from www.google.com and inserting it at the top left of the specified pages.", "manifest_version": 3, "content_scripts": [ { - "matches": [""], + "matches": ["https://www.google.com/*"], "js": ["content.js"], "css": ["style.css"] } @@ -14,7 +14,7 @@ "web_accessible_resources": [ { "resources": ["_favicon/*"], - "matches": [""], + "matches": ["https://www.google.com/*"], "use_dynamic_url": true } ] From f0f4584f9f4060545528649285d92088548f7c48 Mon Sep 17 00:00:00 2001 From: RinCodeForge927 Date: Thu, 8 Jan 2026 20:32:21 +0700 Subject: [PATCH 2/2] docs: update README to reflect domain restriction --- functional-samples/sample.favicon-cs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/functional-samples/sample.favicon-cs/README.md b/functional-samples/sample.favicon-cs/README.md index 6059b79f06..389d636978 100644 --- a/functional-samples/sample.favicon-cs/README.md +++ b/functional-samples/sample.favicon-cs/README.md @@ -1,6 +1,6 @@ ## Fetching a favicon in a content script -This example fetches the favicon from www.google.com and inserts it at the top left of every page. +This example fetches the favicon from www.google.com and inserts it at the top left of Google search pages. Note: This extension does not work on `chrome://extensions`. @@ -9,7 +9,7 @@ See [Fetching favicons](https://developer.chrome.com/docs/extensions/mv3/favicon ## Testing the extension 1. Follow the instructions to load an [unpacked extension](https://developer.chrome.com/docs/extensions/mv3/getstarted/development-basics/#load-unpacked). -2. Navigate to [www.example.com](https://www.example.com/). +2. Navigate to [www.google.com](https://www.google.com/). It should look like this: