Google Chrome扩展程序制作中的Content-Security-Policy错误 [英] Content-Security-Policy error in google chrome extension making
问题描述
以下是我的代码文件:
manifest.json
{
name: ,
version:1.1,
permissions:[
tabs,< all_urls>
],
browser_action:{
default_title:links,//可选;在工具提示中显示
default_popup:popup.html//可选
},
content_scripts:[
{
matches:[<< ; all_urls>中],
js:[background.js]
}
],
manifest_version:2
}
popup.html
< !doctype html>
< html>
< head>
< title> My Awesome Popup!< / title>
< script>
function getPageandSelectedTextIndex()
{
chrome.tabs.getSelected(null,function(tab){
chrome.tabs.sendRequest(tab.id,{greeting:hello },函数(响应)
{
console.log(response.farewell);
});
});
}
chrome.browserAction.onClicked.addListener(function(tab){
getPageandSelectedTextIndex();
});
< / script>
< / head>
< body>
< button onclick =getPageandSelectedTextIndex()>
< / button>
< / body>
< / html>
background.js
chrome.extension.onRequest.addListener(
函数(request,sender,sendResponse){
console.log(sender.tab?
from a content script: + sender.tab.url:
);
if(request.greeting ==hello)
updateIcon();
} );
函数updateIcon(){
var allLinks = document.links;
for(var i = 0; i< allLinks.length; i ++){
alllinks [i] .style.backgroundColor ='#ffff00';
$ b $ / code>
最初我想突出所有在页面上链接或以某种方式标记它们;但我收到错误拒绝执行内联脚本,因为Content-Security-Policy。
当我按下弹出窗口中的按钮时,出现以下错误:由于Content-Security-Policy
拒绝执行内联事件处理程序。
请帮我解决这些错误,这样我就可以使用我的Chrome扩展程序打开新选项卡中的所有链接。
manifest_version的后果之一:2
是内容安全策略是默认启用的。 Chrome开发人员选择严格要求并始终禁止内嵌JavaScript代码 - 只允许放置在外部JavaScript文件中的代码执行(以防止扩展中的跨站点脚本漏洞)。因此,不应在 popup.html
中定义 getPageandSelectedTextIndex()
函数,而应将其放入 popup.js
文件并将其包含在 popup.html
中:
< script type =text / javascriptsrc =popup.js>< / script>
和< button onclick =getPageandSelectedTextIndex()>
也必须改变, onclick
属性也是一个内联脚本。您应该分配一个ID属性:< button id =button>
。然后在 popup.js
中,您可以将一个事件处理程序附加到该按钮上:
$ b
window.addEventListener(load,function()
{
document.getElementById(button)
.addEventListener(click,getPageandSelectedTextIndex,假);
},假);
I am making a chrome extension that will open all links on a page in new tabs.
Here are my code files:
manifest.json
{
"name": "A browser action which changes its icon when clicked.",
"version": "1.1",
"permissions": [
"tabs", "<all_urls>"
],
"browser_action": {
"default_title": "links", // optional; shown in tooltip
"default_popup": "popup.html" // optional
},
"content_scripts": [
{
"matches": [ "<all_urls>" ],
"js": ["background.js"]
}
],
"manifest_version": 2
}
popup.html
<!doctype html>
<html>
<head>
<title>My Awesome Popup!</title>
<script>
function getPageandSelectedTextIndex()
{
chrome.tabs.getSelected(null, function(tab) {
chrome.tabs.sendRequest(tab.id, {greeting: "hello"}, function (response)
{
console.log(response.farewell);
});
});
}
chrome.browserAction.onClicked.addListener(function(tab) {
getPageandSelectedTextIndex();
});
</script>
</head>
<body>
<button onclick="getPageandSelectedTextIndex()">
</button>
</body>
</html>
background.js
chrome.extension.onRequest.addListener(
function(request, sender, sendResponse) {
console.log(sender.tab ?
"from a content script:" + sender.tab.url :
"from the extension");
if (request.greeting == "hello")
updateIcon();
});
function updateIcon() {
var allLinks = document.links;
for (var i=0; i<allLinks.length; i++) {
alllinks[i].style.backgroundColor='#ffff00';
}
}
Initially I wanted to highlight all the links on the page or mark them in some way; but I get the error "Refused to execute inline script because of Content-Security-Policy".
When I press the button inside the popup, I get this error: Refused to execute inline event handler because of Content-Security-Policy
.
Please help me fix these errors, so I can open all links in new tabs using my chrome extension.
One of the consequences of "manifest_version": 2
is that Content Security Policy is enabled by default. And Chrome developers chose to be strict about it and always disallow inline JavaScript code - only code placed in an external JavaScript file is allowed to execute (to prevent Cross-Site Scripting vulnerabilities in extensions). So instead of defining getPageandSelectedTextIndex()
function in popup.html
you should put it into a popup.js
file and include it in popup.html
:
<script type="text/javascript" src="popup.js"></script>
And <button onclick="getPageandSelectedTextIndex()">
has to be changed as well, onclick
attribute is also an inline script. You should assign an ID attribute instead: <button id="button">
. Then in popup.js
you can attach an event handler to that button:
window.addEventListener("load", function()
{
document.getElementById("button")
.addEventListener("click", getPageandSelectedTextIndex, false);
}, false);
这篇关于Google Chrome扩展程序制作中的Content-Security-Policy错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!