Chrome顯示錯誤為:由於內容安全策略,拒絕執行內聯腳本

[英]Chrome showing error as: Refused to execute inline script because of Content-Security-Policy


I am working on creating a Chrome Extension of an Image Cropping Widget. The code of my popup.html is as follows:

我正在開發一個圖像裁剪小部件的Chrome擴展。我的彈出窗口的代碼。html是如下:

    <body>
            <textarea id="widget_script" style="border:1px solid #ccc;padding:5px;width:600px" rows="5" readonly></textarea>
            <script type="text/javascript">
                var protocol=window.location.protocol;
                var host= window.location.host;
                var head=('<div id="wd_id" style="margin-bottom: 20px;"></div>
                <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></\script>
                <script type="text/javascript" src="'+protocol+'//'+host+'Image_crop/cropimages/img_crop_widget.js'+'"><\/script>
                <script type="text/javascript">init_widget()<\/script>');
                document.getElementById("widget_script").innerHTML=head;
            </script>
    </body>

The variables protocol and host take protocol and host from URL in the browser. When I tried to integrate this as a Chrome extension, it is not working. When it works perfectly, it displays following code in the textarea:

變量協議和主機從瀏覽器中的URL獲取協議和主機。當我試圖將它集成為Chrome擴展時,它不起作用。當它運行良好時,會在textarea中顯示如下代碼:

<div id="wd_id" style="margin-bottom: 20px;"></div>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://localhost/cropimages/img_crop_widget.js"></script>
<script type="text/javascript">init_widget()</script>

I have things few things like, placing the JS code in external JS file and and also calling the file in manifest.json calling it in my popup.html, but none worked.

我有一些東西,比如,將JS代碼放在外部JS文件中,以及在manifest中調用文件。json在我的彈出窗口中調用。html,但是沒有效果。

Can anyone tell me what I am doing wrong, or what else should I try to make it work?

誰能告訴我我做錯了什么,或者我還應該做些什么?

Thanks in advance...

提前謝謝…

1 个解决方案

#1


60  

From the Chrome extension CSP docs:

來自Chrome擴展CSP文檔:

Inline JavaScript will not be executed. This restriction bans both inline <script> blocks and inline event handlers (e.g. <button onclick="...">).

內聯JavaScript將不會被執行。此限制禁止內聯 <腳本> 塊和內聯事件處理程序(例如,

You cannot have inline scripts in your extension HTML like:

在你的擴展HTML中不能有內聯腳本,比如:

<script>alert("I'm an inline script!");</script>

<button onclick="alert('I am an inline script, too!')">

Rather, you must place your script into a separate file:

相反,您必須將您的腳本放在一個單獨的文件中:

<script src="somescript.js"></script>

注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2013/04/22/6929282d3316539853f0f7cc067433c7.html



 
粤ICP备14056181号  © 2014-2020 ITdaan.com