Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval' [英] Chrome extension "Refused to evaluate a string as JavaScript because 'unsafe-eval'

查看：12497 发布时间：2018/5/9 18:34:44 javascript json google-chrome-extension content-security-policy

本文介绍了Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval'的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我有一个错误：

拒绝执行内联脚本，因为它违反了以下内容安全性
Policy指令： code>script-src'self'chrome-extension-resource：。
'unsafe-inline'关键字，
散列（'sha256 -...''nonce -...'）来启用
行内执行。

chrome-extension：//ldbpohccneabbobcklhiakmbhoblcpof/popup.html：1

拒绝将字符串评估为JavaScript，因为'unsafe -eval'是
不是下列内容安全性中允许的脚本源
Policy指令：script-src'self'chrome-extension-资源：。

代码popup.js

  $（document）.ready（function（）{
 $ .getJSON（'http：//.......alerts.json'，function （data）{
 alert（'HELLO'）; 
}）; 
}）;

清单：

  {
manifest_version：2，
 
name：Alert，
description：此扩展名为。，
version：2.0，
content_security_policy：script-src'self''unsafe-eval'; object-src'self'，
permissions：[
http：//www.......il/
，
browser_action：{
default_icon：icon.png，
 default_popup：popup.html
}，
content_scripts：[{
js：[jquery.min.js，popup.js]，
matches：[http：// * / *，https：// * / *] 
}] 
} 
  
 
 
 弹出式菜单： 
 
 
 <！doctype html> 
< html> 
< head> 
< title>入门Extension的弹出式菜单< / title> 
< style> 
 body {
 min-width：357px; 
 overflow-x：hidden; 
} 
 
 img {
 margin：5px; 
 border：2px纯黑色; 
 vertical-align：middle; 
 width：75px; 
 height：75px; 
} 
< / style> 
< head> 
< script src ='jquery.min.js'>< / script> 
< script src ='popup.js'>< / script> 
< / head> 
< / head> 
< body> 
< / body> 
< / html> 
  
 
 
解决方案
我有这条消息，因为Chrome不允许内联脚本和内联事件处理程序（如onClick）：必须将它们移动到外部JS文件（例如popup.js），并且必须使用addEventListener（）将事件与DOM对象关联。
 
 
 例如：
 
 
 < body onload =initialize（）> 
< button onclick =handleClick（）id =button1> 
  
必须替换为： 
 
 
  window.addEventListener（load，initialize）; 
 document.getElementById（button1）。addEventListener（click，handleClick）; 
  
在你的情况中，我没有在HTML中看到任何JS，但你有几件事可以尝试：
 
 
 
 移动popup.js包括在之前。
 
 更正html（double头部）。
 
 从清单中移除content_scripts部分。内容脚本应该针对页面内容执行，它们不是包含在页面或浏览器操作弹出窗口中的JS文件。浏览器操作部分就足够了。
 
 
 
 
 请参阅 Chrome扩展清单V2笔记 
 
I have an error:

  Refused to execute inline script because it violates the following Content Security
  Policy directive: "script-src 'self' chrome-extension-resource:".
  Either the 'unsafe-inline' keyword, a
  hash ('sha256-...'), or a nonce ('nonce-...') is required to enable
  inline execution.
  
  chrome-extension://ldbpohccneabbobcklhiakmbhoblcpof/popup.html:1
  
  Refused to evaluate a string as JavaScript because 'unsafe-eval' is
  not an allowed source of script in the following Content Security
  Policy directive: "script-src 'self' chrome-extension-resource:".
the code popup.js
$(document).ready(function() {
     $.getJSON('http://.......alerts.json', function(data) {
        alert('HELLO');
      });
});
Manifest:
{
  "manifest_version": 2,

  "name": "Alert",
  "description": "This extension for  .",
  "version": "2.0",
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
  "permissions": [
    "http://www.......il/"
  ],
  "browser_action": {
    "default_icon": "icon.png",
    "default_popup": "popup.html"
  },
  "content_scripts": [ {
    "js": [ "jquery.min.js", "popup.js" ],
    "matches": [ "http://*/*", "https://*/*"]
  }]
}
Popup:
<!doctype html>
<html>
  <head>
    <title>Getting Started Extension's Popup</title>
    <style>
      body {
        min-width: 357px;
        overflow-x: hidden;
      }

      img {
        margin: 5px;
        border: 2px solid black;
        vertical-align: middle;
        width: 75px;
        height: 75px;
      }
    </style>
     <head>
     <script src='jquery.min.js'></script>
     <script src='popup.js'></script>
</head>
  </head>
  <body>
  </body>
</html>

 解决方案 
I had this message because Chrome doesn't allow inline scripts and inline events handler (like onClick) anymore: they have to be moved to an external JS file (e.g. popup.js) and addEventListener() has to be used to associate events to DOM objects.

For example:
<body onload="initialize()">
<button onclick="handleClick()" id="button1">
has to be replaced by:
window.addEventListener("load", initialize);
document.getElementById("button1").addEventListener("click",handleClick);
In your case, I don't see any JS in the HTML but there are a few things you could  try:


move popup.js include just before the .
correct the html (double head).
remove the content_scripts section from the manifest. Content scripts are supposed to be executed against the content of the page, they are not the JS file included in the page or browser action popup. The browser action section should suffice.


See Chrome extension manifest V2 notes

                        这篇关于Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval'的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval' [英] Chrome extension "Refused to evaluate a string as JavaScript because 'unsafe-eval'

问题描述

相关文章

前端开发最新文章

热门教程

热门工具

登录关闭

Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval' [英] Chrome extension &quot;Refused to evaluate a string as JavaScript because &#39;unsafe-eval&#39;

问题描述

相关文章

前端开发最新文章

热门教程

热门工具

登录 关闭

Chrome扩展程序“拒绝将字符串评估为JavaScript，因为'unsafe-eval' [英] Chrome extension "Refused to evaluate a string as JavaScript because 'unsafe-eval'

登录关闭