Invalid Events in html body and button tags

Hello Forums!

I’m very very new to extension development and I’m wondering if there is a list of invalid practices other than the Don’t section in this link.

For instance, I tried using onload(“functionName”) in the body tag and that was invalid.

Thanks a ton!

The reason the onload HTML attribute wouldn’t work is because the CSP (Content Security Policy) is set to script-src 'self' which only allows running js from .js files hosted on the same scheme, host and port.

More information about CSP can’t be found here.

Also, the following restrictions apply:

**You cannot use inline JavaScript.**
You cannot load any asset or connect to any resource that is not served over a secure protocol (HTTPS or WSS).
You cannot embed an extension anywhere outside the Twitch extension harness.

It’s right down the bottom…

Wow, thank you… should had been more thorough.