Chrome显示错误为:由于内容安全策略拒绝执行内联脚本 [英] Chrome showing error as: Refused to execute inline script because of Content-Security-Policy
问题描述
我正在创建一个图像裁剪小工具的Chrome扩展程序。我的 popup.html
的代码如下:
I am working on creating a Chrome Extension of an Image Cropping Widget. The code of my popup.html
is as follows:
<body>
<textarea id="widget_script" style="border:1px solid #ccc;padding:5px;width:600px" rows="5" readonly></textarea>
<script type="text/javascript">
var protocol=window.location.protocol;
var host= window.location.host;
var head=('<div id="wd_id" style="margin-bottom: 20px;"></div>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></\script>
<script type="text/javascript" src="'+protocol+'//'+host+'Image_crop/cropimages/img_crop_widget.js'+'"><\/script>
<script type="text/javascript">init_widget()<\/script>');
document.getElementById("widget_script").innerHTML=head;
</script>
</body>
变量协议和主机 em>协议和主机。当我试图将其作为Chrome扩展程序集成时,它不起作用。当它完美地工作时,它会在textarea中显示以下代码:
The variables protocol and host take protocol and host from URL in the browser. When I tried to integrate this as a Chrome extension, it is not working. When it works perfectly, it displays following code in the textarea:
<div id="wd_id" style="margin-bottom: 20px;"></div>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://localhost/cropimages/img_crop_widget.js"></script>
<script type="text/javascript">init_widget()</script>
我有一些东西,比如将JS代码放在外部JS文件中,并且还调用文件在 manifest.json
中调用它在 popup.html
中,但是没有任何工作。
I have things few things like, placing the JS code in external JS file and and also calling the file in manifest.json
calling it in my popup.html
, but none worked.
任何人都可以告诉我我做错了什么,或者我应该尝试做什么?
Can anyone tell me what I am doing wrong, or what else should I try to make it work?
预先感谢...
推荐答案
From the Chrome extension CSP docs:
内联JavaScript将不会执行。此限制禁止内联
< script>
块和内联事件处理程序(例如< button onclick =...>
)。
Inline JavaScript will not be executed. This restriction bans both inline
<script>
blocks and inline event handlers (e.g.<button onclick="...">
).
您不能在您的扩展HTML中包含内嵌脚本,如:
You cannot have inline scripts in your extension HTML like:
<script>alert("I'm an inline script!");</script>
<button onclick="alert('I am an inline script, too!')">
相反,您必须将脚本放入单独的文件中:
Rather, you must place your script into a separate file:
<script src="somescript.js"></script>
这篇关于Chrome显示错误为:由于内容安全策略拒绝执行内联脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!