使用Selenium IDE调用CSP阻止的eval() [英] Call to eval() blocked by CSP with Selenium IDE
问题描述
我有一个在 Selenium IDE
中开发的硒测试。我在此套件中有一个步骤应在文本字段中键入一个值。它在该步骤失败,给出以下错误:
I have a selenium test developed in Selenium IDE
. I have a step in this suite that should type a value in a text field. It fails at that step giving the following error:
18. click on id=firstName Failed:11:12:59
call to eval() blocked by CSP
推荐答案
CSP
内容安全政策(CSP)充当增加了一层安全性,有助于检测和缓解攻击,包括跨站点脚本攻击 (XSS)和数据注入攻击。这些攻击主要用于数据盗窃和恶意软件分发。
CSP
Content Security Policy (CSP) acts as a added layer of security that helps to detect and mitigate attacks including Cross Site Scripting (XSS) and data injection attacks. These attacks are primarily used for data theft and distribution of malware.
此错误消息...
call to eval() blocked by CSP
...表示 Selenium IDE 正在使用的插件不包含'unsafe- eval'
在CSP标头中。
...implies that the add-on which is being used by the Selenium IDE doesn't include 'unsafe-eval'
in CSP header.
根据讨论 CSP标头中的Firefox加载项需要'unsafe-eval'早期版本的Firefox无法检测到基于Ember.js 的应用程序,如果服务器发送的 Content Security Policy 标头不带'unsafe-eval'
在 script-src
指令中。
As per the discussion Firefox add-on needs 'unsafe-eval' in CSP header the earlier version of Firefox were not able to detect Ember.js based application if the server sends the Content Security Policy header without 'unsafe-eval'
in the script-src
directive.
此问题在讨论将Firefox附加组件转换为使用Chrome WebExtension ,并通过可安装的 WebExtension 进行了寻址,该 WebExtension 位于此处。
This issue was discussed at length within the discussion Convert Firefox add-on to use the Chrome WebExtension and was addressed through a installable WebExtension which can be found here.
根据OP的评论,更简单的方法是在内调整以下 Key-Value :config
可以解决此问题:
As per OP's comment an easier approach would be to tweak the following Key-Value within about:config
which solves the issue:
security.csp.enable off
参考
您可以在拒绝加载脚本,因为它违反了以下内容安全政策指令:ChromeDriver Chrome和Selenium的script-src错误
这篇关于使用Selenium IDE调用CSP阻止的eval()的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!