Chrome显示错误为：由于内容安全策略拒绝执行内联脚本 [英] Chrome showing error as: Refused to execute inline script because of Content-Security-Policy

问题描述

我正在创建一个图像裁剪小工具的Chrome扩展程序。我的 popup.html 的代码如下：

I am working on creating a Chrome Extension of an Image Cropping Widget. The code of my popup.html is as follows:

    <body>
            <textarea id="widget_script" style="border:1px solid #ccc;padding:5px;width:600px" rows="5" readonly></textarea>
            <script type="text/javascript">
                var protocol=window.location.protocol;
                var host= window.location.host;
                var head=('<div id="wd_id" style="margin-bottom: 20px;"></div>
                <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></\script>
                <script type="text/javascript" src="'+protocol+'//'+host+'Image_crop/cropimages/img_crop_widget.js'+'"><\/script>
                <script type="text/javascript">init_widget()<\/script>');
                document.getElementById("widget_script").innerHTML=head;
            </script>
    </body>

变量协议和主机 em>协议和主机。当我试图将其作为Chrome扩展程序集成时，它不起作用。当它完美地工作时，它会在textarea中显示以下代码：

The variables protocol and host take protocol and host from URL in the browser. When I tried to integrate this as a Chrome extension, it is not working. When it works perfectly, it displays following code in the textarea:

<div id="wd_id" style="margin-bottom: 20px;"></div>
<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://localhost/cropimages/img_crop_widget.js"></script>
<script type="text/javascript">init_widget()</script>

我有一些东西，比如将JS代码放在外部JS文件中，并且还调用文件在 manifest.json 中调用它在 popup.html 中，但是没有任何工作。

I have things few things like, placing the JS code in external JS file and and also calling the file in manifest.json calling it in my popup.html, but none worked.

任何人都可以告诉我我做错了什么，或者我应该尝试做什么？

Can anyone tell me what I am doing wrong, or what else should I try to make it work?

预先感谢...

推荐答案

从 Chrome扩展程序CSP文档：

From the Chrome extension CSP docs:

内联JavaScript将不会执行。此限制禁止内联< script> 块和内联事件处理程序（例如< button onclick =...> ）。

Inline JavaScript will not be executed. This restriction bans both inline <script> blocks and inline event handlers (e.g. <button onclick="...">).

您不能在您的扩展HTML中包含内嵌脚本，如：

You cannot have inline scripts in your extension HTML like:

<script>alert("I'm an inline script!");</script>

<button onclick="alert('I am an inline script, too!')">

相反，您必须将脚本放入单独的文件中：

Rather, you must place your script into a separate file:

<script src="somescript.js"></script>

这篇关于Chrome显示错误为：由于内容安全策略拒绝执行内联脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！