Recently, in MV3, google supposedly outlawed running remote code in extensions. While it may be unsafe, there's also valid business reasons for wanting to.
Here's a few steps on how to do it currently, as of 2023-04-19.
- Create a sandbox html page, for executing arbitrary code.
- create a tab that acts as an intermediary between bgsw and the sandbox. Embed the iframe of sandbox in the tab.
- create a background service worker (bgsw) such that it creates the tab as an offscreen document. ( https://developer.chrome.com/docs/extensions/reference/offscreen/
Then, to run the code in the background.
- send chrome.runtime.message to tab
- tab then does a iframe.contentWindow.postMessage to sandbox
- sandbox evaluates the code, then does a window.postMessage back to tab
- tab takes the info and does a chrome.runtime.message back to bgsw