科尔多瓦 - 拒绝执行内联事件处理程序，因为它违反了以下内容安全策略 [英] Cordova - refuse to execute inline event handler because it violates the following content Security policy

问题描述

我在训练的科尔多瓦应用DEVELOPPEMENT我转身与内容安全策略的一个问题。

I'm training for cordova application developpement and i turn around a problem with Content Security Policy.

我的应用程序与Android模拟器上运行，但是当我要执行一个JavaScript我得到了NetBeans的消息（输出窗口）。

My application is running with the android emulator, but when i have to execute a javascript i get an message in netbeans (output window).

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' https://ssl.gstatic.com". (22:35:56:126 | error, security)
  at www/index.html:58

我的code是如下。这是我的index.html。 我试着去了解CSP如何工作的，我想我理解的概念，但在这种情况下，我不明白的问题。第58行是注释。

My code is below. This is my index.html. I try to understand how CSP works and i think i understand the concept, but in this case i don't understand the problem. Line 58 is comment.

<html>        
    <head>   

        <meta http-equiv="Content-Security-Policy" content="default-src 'self' * data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self'; script-src 'self' https://ssl.gstatic.com; media-src *">
        <meta name="format-detection" content="telephone=no">
        <meta name="msapplication-tap-highlight" content="no">
        <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">

        <title>Hello World</title>

        <link rel="stylesheet" type="text/css" href="css/index.css">

    </head>

    <body>
        <div class="app">
            <h1>Apache Cordova</h1>
            <div id="deviceready" class="blink">
                <p class="event listening">Connecting to Device</p>
                <p class="event received">Device is Ready</p>
            </div>
        </div>

        <!--
        line 58
        -->
        <button onclick="capturePhoto();">Capture Photo</button> <br>

        <img style="display:none;width:80px;height:80px;" id="smallImage" src="" />
        <img style="display:none;" id="largeImage" src="" />

        <script type="text/javascript" src="cordova.js"></script>
        <script type="text/javascript" src="js/index.js"></script>
    </body>        
  </html>

通过此先感谢您的帮助，因为我需要它。 杰罗姆

By advance thanks for your help because i need it. Jérôme

推荐答案

检查此链接<一个href="https://developer.chrome.com/extensions/contentSecurityPolicy">https://developer.chrome.com/extensions/contentSecurityPolicy它说：

内嵌的JavaScript将不会被执行。这种限制禁止内联块和内联事件处理程序（如按钮的onclick =...）。

Inline JavaScript will not be executed. This restriction bans both inline blocks and inline event handlers (e.g. button onclick="...").

所以，你可以用一个简单的事件侦听器的脚本标签中，如：

So you can use a simple event listener inside a script tag like:

document.getElementById("myBtn").addEventListener("click", capturePhoto);

这篇关于科尔多瓦 - 拒绝执行内联事件处理程序，因为它违反了以下内容安全策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！