Google Chrome扩展程序制作中的Content-Security-Policy错误 [英] Content-Security-Policy error in google chrome extension making

问题描述

以下是我的代码文件：

manifest.json

  {
name： ，
version：1.1，
permissions：[
tabs，< all_urls> 
]，
browser_action：{
default_title：links，//可选;在工具提示中显示
default_popup：popup.html//可选
}，
content_scripts：[
 {
matches：[<< ; all_urls>中]，
js：[background.js] 
} 
]，
manifest_version：2 
} 
  

popup.html

 < ！doctype html> 
< html> 
< head> 
< title> My Awesome Popup！< / title> 
< script> 
 function getPageandSelectedTextIndex（）
 {
 chrome.tabs.getSelected（null，function（tab）{
 chrome.tabs.sendRequest（tab.id，{greeting：hello }，函数（响应）
 {
 console.log（response.farewell）; 
}）; 
}）; 
} 
 chrome.browserAction.onClicked.addListener（function（tab）{
 getPageandSelectedTextIndex（）; 
}）; 
< / script> 
< / head> 
< body> 
< button onclick =getPageandSelectedTextIndex（）> 
< / button> 
< / body> 
< / html> 
  

background.js

  chrome.extension.onRequest.addListener（
函数（request，sender，sendResponse）{
 console.log（sender.tab？
from a content script： + sender.tab.url：
）; 
 if（request.greeting ==hello）
 updateIcon（）; 
 
} ）; 
函数updateIcon（）{
 var allLinks = document.links; 
 for（var i = 0; i< allLinks.length; i ++）{
 alllinks [i] .style.backgroundColor ='＃ffff00'; 
 
 
 $ b $ / code> 

最初我想突出所有在页面上链接或以某种方式标记它们;但我收到错误拒绝执行内联脚本，因为Content-Security-Policy。

当我按下弹出窗口中的按钮时，出现以下错误：由于Content-Security-Policy 拒绝执行内联事件处理程序。

请帮我解决这些错误，这样我就可以使用我的Chrome扩展程序打开新选项卡中的所有链接。

解决方案

manifest_version的后果之一：2 是内容安全策略是默认启用的。 Chrome开发人员选择严格要求并始终禁止内嵌JavaScript代码 - 只允许放置在外部JavaScript文件中的代码执行（以防止扩展中的跨站点脚本漏洞）。因此，不应在 popup.html 中定义 getPageandSelectedTextIndex（）函数，而应将其放入 popup.js 文件并将其包含在 popup.html 中：

 < script type =text / javascriptsrc =popup.js>< / script> 
  

和< button onclick =getPageandSelectedTextIndex（）> 也必须改变， onclick 属性也是一个内联脚本。您应该分配一个ID属性：< button id =button> 。然后在 popup.js 中，您可以将一个事件处理程序附加到该按钮上：
$ b

  window.addEventListener（load，function（）
 {
 document.getElementById（button）
 .addEventListener（click，getPageandSelectedTextIndex，假）; 
}，假）; 
  




I am making a chrome extension that will open all links on a page in new tabs.

Here are my code files:

manifest.json

{
  "name": "A browser action which changes its icon when clicked.",
  "version": "1.1",
    "permissions": [
    "tabs", "<all_urls>"
  ],
 "browser_action": {     
    "default_title": "links",      // optional; shown in tooltip
    "default_popup": "popup.html"        // optional
  },
 "content_scripts": [
    {
    "matches": [ "<all_urls>" ],
      "js": ["background.js"]
    }
  ],
  "manifest_version": 2
}

popup.html

<!doctype html>
<html>
  <head>
    <title>My Awesome Popup!</title>
    <script>
function getPageandSelectedTextIndex() 
  { 
    chrome.tabs.getSelected(null, function(tab) { 
    chrome.tabs.sendRequest(tab.id, {greeting: "hello"}, function (response) 
    { 
        console.log(response.farewell); 
    }); 
   }); 
        } 
chrome.browserAction.onClicked.addListener(function(tab) { 
        getPageandSelectedTextIndex(); 
});
         </script>
  </head>
  <body>
    <button onclick="getPageandSelectedTextIndex()">
      </button>
  </body>
</html>

background.js

chrome.extension.onRequest.addListener(
  function(request, sender, sendResponse) {
    console.log(sender.tab ?
                "from a content script:" + sender.tab.url :
                "from the extension");
    if (request.greeting == "hello")
    updateIcon();  

});
function updateIcon() {
  var allLinks = document.links;
  for (var i=0; i<allLinks.length; i++) {
    alllinks[i].style.backgroundColor='#ffff00';

}
}

Initially I wanted to highlight all the links on the page or mark them in some way; but I get the error "Refused to execute inline script because of Content-Security-Policy".

When I press the button inside the popup, I get this error: Refused to execute inline event handler because of Content-Security-Policy.

Please help me fix these errors, so I can open all links in new tabs using my chrome extension.

解决方案

One of the consequences of "manifest_version": 2 is that Content Security Policy is enabled by default. And Chrome developers chose to be strict about it and always disallow inline JavaScript code - only code placed in an external JavaScript file is allowed to execute (to prevent Cross-Site Scripting vulnerabilities in extensions). So instead of defining getPageandSelectedTextIndex() function in popup.html you should put it into a popup.js file and include it in popup.html:

<script type="text/javascript" src="popup.js"></script>

And <button onclick="getPageandSelectedTextIndex()"> has to be changed as well, onclick attribute is also an inline script. You should assign an ID attribute instead: <button id="button">. Then in popup.js you can attach an event handler to that button:

window.addEventListener("load", function()
{
  document.getElementById("button")
          .addEventListener("click", getPageandSelectedTextIndex, false);
}, false);

这篇关于Google Chrome扩展程序制作中的Content-Security-Policy错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！