Includes remotely-hosted code, so cannot be used within a Chrome extension

[raindrift]

What are the steps to reproduce this issue?

1. Create a chrome extension using manifest v3
2. Set up honeybadger in accordance with https://docs.honeybadger.io/lib/javascript/integration/chrome-extension/
3. Submit extension to the Chrome web store

What happens?

Extension is rejected after review. I received the following notice by email:

Violation reference ID: Blue Argon

Technical Requirements - Additional Requirements for Manifest V3:

Violation: Including remotely hosted code in a Manifest V3 item. Violating Content: Code snippet: service_worker.js: t.getUserFeedbackScriptUrl = function(e) { var t = e.split(".").slice(0, 2).join("."); return "https://js.honeybadger.io/v".concat(t, "/honeybadger-feedback-form.js") Code snippet: extension.js: }; t.getUserFeedbackScriptUrl = function(e) { var t = e.split(".").slice(0, 2).join("."); return "https://js.honeybadger.io/v".concat(t, "/honeybadger-feedback-form.js") };

What were you expecting to happen?

Extension would be accepted, on account of not breaking the rules.

Any logs, error output, etc?

No

Any other comments?

It took a few extension versions for them to catch this issue. Because of this, I know that Honeybadger works great in our extension! I am hoping we don't have to stop using it. I know this library has worked fine with mv3 for years. The policy isn't new, but perhaps there have been recent updates to Google's code analysis tools?

I am installing the npm version and packaging with webpack, but the same issue exists in the minified js.

It seems like this would be solvable by:

1. Include the feedback form js with the rest of the honeybadger javascript. It's not very much code, so it seems like lazy-loading it (if that's why it is separate) isn't gaining much.
2. This problem will occur again in the form itself, since it submits data by injecting a Githubissues.
3. Githubissues is a development platform for aggregating issues.