拒绝执行内联事件处理程序,因为它违反了CSP。 (SANDBOX) [英] Refused to execute inline event handler because it violates CSP. (SANDBOX)
问题描述
<$ c当我将Sandbox放入manifest.json时,我正在开发google chrome 打包的应用程序。 $ c $ {
manifest_version:2,
name:WM32216,
version:2.1,
minimum_chrome_version:23,
permissions:[webview,https://ajax.googleapis.com/*],
sandbox:{
pages:[index.html ]
},
app:{
background:{
scripts:[main.js]
}
} b
我的定位标记上的 onclick 事件有效,并且该应用程序的流程是完整的,除此之外,来自css样式表的图标无法加载。
我得到了错误控制台
文件未找到
,
但那些只是字体,所以对我来说很好,
最大的问题是,iframe中的视频无法播放,我得到了之前的额外错误字体是:
VIDEOJS:错误:(代码:4 MEDIA_ERR_SRC_NOT_SUPPORTED)媒体无法加载,因为服务器或网络失败或因为格式不受支持。
不允许加载本地资源:blob:null / b818b32c-b762-4bd9 -...
当我在manifest.json文件中删除沙盒时,一切都很好,控制台中没有关于字体的错误,
但是当我点击/点击我的定位标记,它具有点击事件以在js中加载新功能我收到以下控制台错误:
拒绝执行内联事件处理程序,因为它违反了以下内容安全策略指令:default-src'self'blob:filesystem:chrome-extension-resource:。 内联不安全关键字,散列('sha256 -...')或一个随机数('nonce -...')是启用内联执行所必需的。还要注意,'script-src'没有明确设置,所以'default-src'被用作后备。
对不起很长的细节,
我只需要帮助,因为我已经在这里呆了3天了。
解决方案回答您的非沙盒相关问题:
您的代码中包含以下内容:
< button onclick =myFunction()>点击我< / button>
简而言之,这在chrome应用程序中是不允许的。
html:
< button id =myButton>点击我< /按钮>
< script src =myScripts.js>< / script>
myScript.js:
document.getElementById(myButton)。addEventListener(click,myFunction);
函数myFunction(){
console.log('asd');
}
长篇小说:
在Chrome应用程序中,内容安全策略不允许内嵌JavaScript。所以你必须把你的javascript放在一个.js文件中,并将它包含到你的html中。
更多阅读: https://developer.chrome.com/extensions/contentSecurityPolicy
I'm developing a google chrome packaged app, when I put Sandbox in the manifest.json
{ "manifest_version": 2, "name": "WM32216", "version": "2.1", "minimum_chrome_version": "23", "permissions":["webview", "https://ajax.googleapis.com/*"], "sandbox":{ "pages":["index.html"] }, "app": { "background": { "scripts": ["main.js"] } } }
An onclick event on my anchor tag works, and the flow of the app is complete EXCEPT THAT, icons from a css stylesheet doesn't load.
I got an error from the console that
File not found
,but those are just fonts so it's fine with me,
The big problem is that, the video in the iframe doesn't play and I got additional error prior to the Font which are:
VIDEOJS: ERROR: (CODE:4 MEDIA_ERR_SRC_NOT_SUPPORTED) The media could not be loaded, either because the server or network failed or because the format is not supported.
Not allowed to load local resource: blob:null/b818b32c-b762-4bd9-...
When I remove the sandbox in the manifest.json file, everything is good no errors in the console about the font,
BUT when I hit/click my anchor tag that has a click event to load a new function in the js I'm getting the following Console Error :
Refused to execute inline event handler because it violates the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Sorry for the very long detail,
I just need help with this because I'm stuck here for 3 days already.
解决方案Answer for your non sandbox related question:
You have something in your code like this:
<button onclick="myFunction()">Click me</button>
In a nutshell this is not allowed in chrome apps. Change this to the following and it will work:
html: <button id="myButton">Click me</button> <script src="myScripts.js"></script> myScript.js: document.getElementById("myButton").addEventListener("click", myFunction); function myFunction(){ console.log('asd'); }
Long story:
In chrome apps Content Security Policy does not allow inline javascript. So you have to put your javascript in a .js file and include it to your html.
Further reading: https://developer.chrome.com/extensions/contentSecurityPolicy
这篇关于拒绝执行内联事件处理程序,因为它违反了CSP。 (SANDBOX)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!