Refused to execute inline script because it violates the following Content Security Policy directive

最新推荐文章于 2024-05-15 11:13:54 发布

luanxiyuan

最新推荐文章于 2024-05-15 11:13:54 发布

阅读量2.5w

点赞数 5

分类专栏：经(cǎi)验(kēng)总结

本文链接：https://blog.csdn.net/luanxiyuan/article/details/122826227

版权

Chrome扩展 Content-Security-Policy JavaScript 内联脚本错误修复

关键词由CSDN通过智能技术生成

经(cǎi)验(kēng)总结专栏收录该内容

251 篇文章 3 订阅

订阅专栏

问题描述：

在popup.html页面中使用JavaScript脚本报错，错误详情如下：

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-lDgaSYqVR2ZZR/bWhKwz9AVnrM/j8AgWS8+Cs/dASfI='), or a nonce ('nonce-...') is required to enable inline execution.

根据错误定位到语句，如下语句出错：

<script type="text/javascript" src="js/jquery-1.8.2.min.js"></script>
<script type="text/javascript">//运行到此处出错
$(".click-oc1").click(function(){
      window.open("http://www.oceancoder.cn");
    })
</script>

解决方法一：

将代码保存为独立的js文件，然后动态引用即可。

<script type="text/javascript" src="js/jquery-1.8.2.min.js"></script>
<script type="text/javascript" src="js/func.js"></script>//将上述代码保存到独立文件func.js即可

解决方法二：

添加script-src * 'unsafe-inline'，对于页面内部标签不进行安全验证。修改后如下

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *;script-src * 'unsafe-inline'">

luanxiyuan

关注

5
点赞
踩
8

收藏

觉得还不错? 一键收藏
0
评论
Refused to execute inline script because it violates the following Content Security Policy directive

问题描述：在popup.html页面中使用JavaScript脚本报错，错误详情如下：Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a has
复制链接

扫一扫

专栏目录