Javascript不能在本地页面上运行 [英] Javascript does not run on local page

问题描述

  function openMyPage（）{
 var popupURL = chrome.extension.getURL（my-page.html）; 
 
 chrome.windows.create（{
 url：popupURL，
类型：popup，
高度：200，
宽度：200 
}）; 
} 
 
 chrome.browserAction.onClicked.addListener（openMyPage）; 
  

在my-page.html里我想运行一些javascript，但是我无法运行。即使是一个简单的脚本也不会执行：

 < html> 
< body> 
< script type =text / javascript> 
 document.write（JS执行）
< / script> 
< / body> 
< / html> 
  

打开的页面的URL是沿着 moz-extension ：//8974747a-3aa7-4654-93e5-ad60d3de0cc5/my-page.html 。我已经尝试禁用插件，如NoScript，但无济于事。

如何在此页面上执行JS？我究竟做错了什么？感谢您的帮助。
$ b

编辑：manifest.json按照要求：

  
description：将浏览器操作图标添加到工具栏以打开打包的网页，请参阅https://developer.mozilla.org/en-US/Add-ons/WebExtensions/示例＃open-my-page-button，
manifest_version：2，
name：open-my-page，
version：1.0，
homepage_url：https://github.com/mdn/webextensions-examples/tree/master/open-my-page-button，
图标：{
48 ：icons / page-48.png
}，
 
applications：{
gecko：{
id： my-page-button@mozilla.org，
strict_min_version：45.0
} 
}，
 
background：{
 scripts：[background.js] 
}，
 
browser_action：{
default_icon：图标/ page-32.png
} 
 
} 
  

它直接来自Mozilla的一个例子。

您可能正在运行默认内容安全政策：

 script-src'self'; object-src'self';
  

这意味着内联JavaScript不会运行。换句话说，下面的内容在您的HTML中是不允许的： / p>

 < script type =text / javascript> document.write（JS executed）< / script> 
  

或

或

 < div onclick =console.log（'click'）> Click me！< / div> 
  

正常解决方案：

正常的解决方案是将所有的JavaScript移动到一个或多个独立的文件中，并将其包含在内：

 < script type = text / javascriptsrc =my-page.js>< / script> 
  

< STRONG>简介内联脚本：

如果您希望使用内联脚本，您可以使用 content_security_policy 键入您的 manifest.json 文件。但是，您需要提供散列

除非由于某些原因，您真的需要 来使用内联脚本，您可能会发现将所有脚本内容移动到外部文件更容易，而不是将内容与脚本内联在一起（这会要求您重新计算散列，以便对脚本进行任何更改脚本）。

在Firefox 48中实现：

本内容安全策略为在Firefox 48中实现。那个关于Firefox 48的博客文章肯定会提到：
$ b

请注意：向后不兼容的更改的任何Firefox WebExtensions不符合此CSP。不符合CSP的现有WebExtensions将需要更新。

您的具体情况：

如果您将脚本更改为（在创建散列时留有空白），它将会工作：

 < script type =text / javascript> document.write（JS executed）;< / script> 
  

然后，将以下行添加到您的 manifest.json p>

 content_security_policy：script-src'self''sha256-Z4nYjltJ / RciFs77n2n91dzwoz1Qg / 1JFwU5ODwWPC8 ='; object-src'self' ; 
  

I have a very simple webextension that is supposed to open a local page in a new window when a button is clicked:

function openMyPage() {
    var popupURL = chrome.extension.getURL("my-page.html");

    chrome.windows.create({
      url: popupURL,
      type: "popup",
      height: 200,
      width: 200
    });
}

chrome.browserAction.onClicked.addListener(openMyPage);

Inside my-page.html I want to run some javascript but I can't get it to work. Even a simple script does not execute:

<html>
   <body>
     <script type="text/javascript">
        document.write("JS executed")
     </script>
   </body>
</html>

The URL of the opened page is something along the lines of moz-extension://8974747a-3aa7-4654-93e5-ad60d3de0cc5/my-page.html. I've tried disabling addons such as NoScript, but to no avail.

How can I execute JS on this page? What am I doing wrong? Thanks for your help.

Edit: manifest.json as per request:

{

  "description": "Adds browser action icon to toolbar to open packaged web page. See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Examples#open-my-page-button",
  "manifest_version": 2,
  "name": "open-my-page",
  "version": "1.0",
  "homepage_url": "https://github.com/mdn/webextensions-examples/tree/master/open-my-page-button",
  "icons": {
    "48": "icons/page-48.png"
  },

  "applications": {
    "gecko": {
      "id": "open-my-page-button@mozilla.org",
      "strict_min_version": "45.0"
    }
  },

  "background": {
    "scripts": ["background.js"]
  },

  "browser_action": {
    "default_icon": "icons/page-32.png"
  }

}

It it taken directly from one of Mozilla's examples.

解决方案

Inline scripts don't work with the Default Content Security Policy

You are probably running into the Default Content Security Policy which is:

"script-src 'self'; object-src 'self';"

Which means that Inline JavaScript won't run. In other words things like following are not permitted in your HTML:

<script type="text/javascript"> document.write("JS executed")</script>

or

<script>console.log("foo");</script>

or

<div onclick="console.log('click')">Click me!</div>

Normal solution:
The normal solution is to move all your JavaScript into one, or more, separate files and include them with something like:

<script type="text/javascript" src="my-page.js"></script>

Using inline scripts:
If you desire to use inline scripts, you can use the content_security_policy key in your manifest.json file. However, you will need to supply a "hash of the script in the "script-src" directive."

Unless, for some reason, you really need to use inline scripts, you will probably find it much easier to move all of your script content to an external file rather than include scripts inline with your HTML (which would require you to recompute the hash for any change to the script).

Implemented in Firefox 48:
This Content Security Policy was implemented in Firefox 48. That blog post regarding Firefox 48 makes sure to mention:

Please note: this will be a backwards incompatible change for any Firefox WebExtensions that did not adhere to this CSP. Existing WebExtensions that do not adhere to the CSP will need to be updated.

Your specific case:

It will work if you change your script to (whitespace counts when creating the hash):

<script type="text/javascript">document.write("JS executed");</script>

And, add the following line to your manifest.json:

"content_security_policy": "script-src 'self' 'sha256-Z4nYjltJ/RciFs77n2n91dzwoz1Qg/1JFwU5ODwWPC8='; object-src 'self';"

这篇关于Javascript不能在本地页面上运行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！