Cordova - 拒绝执行内联事件处理程序,因为它违反了以下内容安全策略 [英] Cordova - refuse to execute inline event handler because it violates the following content Security policy
问题描述
我正在培训cordova应用程序开发,并解决内容安全策略的问题。
I'm training for cordova application developpement and i turn around a problem with Content Security Policy.
我的应用程序正在运行android模拟器,但是当我必须执行一个javascript我得到一个消息在netbeans(输出窗口)。
My application is running with the android emulator, but when i have to execute a javascript i get an message in netbeans (output window).
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://ssl.gstatic.com". (22:35:56:126 | error, security)
at www/index.html:58
$ b b
我的代码如下。这是我的index.html。
我试图理解CSP如何工作,我想我理解的概念,但在这种情况下,我不明白的问题。第58行是注释。
My code is below. This is my index.html. I try to understand how CSP works and i think i understand the concept, but in this case i don't understand the problem. Line 58 is comment.
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' * data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self'; script-src 'self' https://ssl.gstatic.com; media-src *">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
<title>Hello World</title>
<link rel="stylesheet" type="text/css" href="css/index.css">
</head>
<body>
<div class="app">
<h1>Apache Cordova</h1>
<div id="deviceready" class="blink">
<p class="event listening">Connecting to Device</p>
<p class="event received">Device is Ready</p>
</div>
</div>
<!--
line 58
-->
<button onclick="capturePhoto();">Capture Photo</button> <br>
<img style="display:none;width:80px;height:80px;" id="smallImage" src="" />
<img style="display:none;" id="largeImage" src="" />
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript" src="js/index.js"></script>
</body>
</html>
预先感谢您的帮助,因为我需要它。
Jérôme
By advance thanks for your help because i need it. Jérôme
推荐答案
选中此链接 https://developer.chrome.com/extensions/contentSecurityPolicy 它说:
内联JavaScript不会执行。此限制禁止内联块和内联事件处理程序(例如button onclick =...)。
Inline JavaScript will not be executed. This restriction bans both inline blocks and inline event handlers (e.g. button onclick="...").
(click,capturePhoto)中的简单事件监听器,例如:
So you can use a simple event listener inside a script tag like:
document.getElementById("myBtn").addEventListener("click", capturePhoto);
这篇关于Cordova - 拒绝执行内联事件处理程序,因为它违反了以下内容安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!