Chrome显示错误为:由于内容安全策略,拒绝执行内联脚本

[英]Chrome showing error as: Refused to execute inline script because of Content-Security-Policy


I am working on creating a Chrome Extension of an Image Cropping Widget. The code of my popup.html is as follows:

我正在开发一个图像裁剪小部件的Chrome扩展。我的弹出窗口的代码。html是如下:

    <body>
            <textarea id="widget_script" style="border:1px solid #ccc;padding:5px;width:600px" rows="5" readonly></textarea>
            <script type="text/javascript">
                var protocol=window.location.protocol;
                var host= window.location.host;
                var head=('<div id="wd_id" style="margin-bottom: 20px;"></div>
                <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></\script>
                <script type="text/javascript" src="'+protocol+'//'+host+'Image_crop/cropimages/img_crop_widget.js'+'"><\/script>
                <script type="text/javascript">init_widget()<\/script>');
                document.getElementById("widget_script").innerHTML=head;
            </script>
    </body>

The variables protocol and host take protocol and host from URL in the browser. When I tried to integrate this as a Chrome extension, it is not working. When it works perfectly, it displays following code in the textarea:

变量协议和主机从浏览器中的URL获取协议和主机。当我试图将它集成为Chrome扩展时,它不起作用。当它运行良好时,会在textarea中显示如下代码:

<div id="wd_id" style="margin-bottom: 20px;"></div>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://localhost/cropimages/img_crop_widget.js"></script>
<script type="text/javascript">init_widget()</script>

I have things few things like, placing the JS code in external JS file and and also calling the file in manifest.json calling it in my popup.html, but none worked.

我有一些东西,比如,将JS代码放在外部JS文件中,以及在manifest中调用文件。json在我的弹出窗口中调用。html,但是没有效果。

Can anyone tell me what I am doing wrong, or what else should I try to make it work?

谁能告诉我我做错了什么,或者我还应该做些什么?

Thanks in advance...

提前谢谢…

1 个解决方案

#1


60  

From the Chrome extension CSP docs:

来自Chrome扩展CSP文档:

Inline JavaScript will not be executed. This restriction bans both inline <script> blocks and inline event handlers (e.g. <button onclick="...">).

内联JavaScript将不会被执行。此限制禁止内联 <脚本> 块和内联事件处理程序(例如,

You cannot have inline scripts in your extension HTML like:

在你的扩展HTML中不能有内联脚本,比如:

<script>alert("I'm an inline script!");</script>

<button onclick="alert('I am an inline script, too!')">

Rather, you must place your script into a separate file:

相反,您必须将您的脚本放在一个单独的文件中:

<script src="somescript.js"></script>

注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2013/04/22/6929282d3316539853f0f7cc067433c7.html



 
粤ICP备14056181号  © 2014-2020 ITdaan.com