Javascript Firefox在self上阻止资源加载(“;script src”;)
我正在尝试为firefox创建一个待办扩展,我需要在单击delete按钮时触发一个函数(第8行) 当我运行此程序并单击按钮时,会出现以下错误Javascript Firefox在self上阻止资源加载(“;script src”;),javascript,firefox-addon,meta,content-security-policy,Javascript,Firefox Addon,Meta,Content Security Policy,我正在尝试为firefox创建一个待办扩展,我需要在单击delete按钮时触发一个函数(第8行) 当我运行此程序并单击按钮时,会出现以下错误 Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: onclick attribute on BUTTON element. 我试着使用meta标记并给脚本src“unsafe inli
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: onclick attribute on BUTTON element.
我试着使用meta标记并给脚本src“unsafe inline”,但它也不起作用。我对这个内容安全策略没有什么好主意
是否有其他方法可以实现这一点,或者我做错了什么?这里的问题是HTML onclick属性。要正确执行此操作,您需要像在稍后的click listener上一样使用addEventListener
// Untested, but it should put you on the correct path
var ul = document.createElement('ul');
ul.classList.add('list-group', 'list-group-flush');
var i;
for (i = 0; i < res.todos.length; i+=4) {
// I'm ignoring <ul class="list-group list-group-flush"> from your example, because
// this doesn't look like you intend to be nesting lists
var li = document.createElement('li';
li.classList.add('list-group-item');
// In your example, you had left an open XSS vulnerability by simply
// concatenating user todos with your markup, textContent is much safer
li.textContent = res.todos[i]+' '+res.todos[i+1]+' '+res.todos[i+2];
ul.appendChild(li);
var button = document.createElement('button');
button.classList.add('btn', 'btn-primary');
button.addEventListener('click', myFunc);
button.id = i;
ul.appendChild(button);
}
document.getElementById("oldTodos").innerHTML = '';
document.getElementById("oldTodos").appendChild(ul);
//未经测试,但它会让您走上正确的道路
var ul=document.createElement('ul');
ul.classList.add('list-group','list-group-flush');
var i;
对于(i=0;i,因为
//这看起来不像是要嵌套列表
var li=document.createElement('li';
li.classList.add('list-group-item');
//在您的示例中,您只需简单地
//将用户TODO与标记连接起来,textContent更安全
li.textContent=res.todos[i]+''+res.todos[i+1]+''+res.todos[i+2];
ul.儿童(li);
var button=document.createElement('button');
button.classList.add('btn','btn primary');
按钮。addEventListener('click',myFunc);
button.id=i;
ul.附件(按钮);
}
document.getElementById(“oldTodos”).innerHTML='';
文件.getElementById(“oldTodos”).appendChild(ul);
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: onclick attribute on BUTTON element.
// Untested, but it should put you on the correct path
var ul = document.createElement('ul');
ul.classList.add('list-group', 'list-group-flush');
var i;
for (i = 0; i < res.todos.length; i+=4) {
// I'm ignoring <ul class="list-group list-group-flush"> from your example, because
// this doesn't look like you intend to be nesting lists
var li = document.createElement('li';
li.classList.add('list-group-item');
// In your example, you had left an open XSS vulnerability by simply
// concatenating user todos with your markup, textContent is much safer
li.textContent = res.todos[i]+' '+res.todos[i+1]+' '+res.todos[i+2];
ul.appendChild(li);
var button = document.createElement('button');
button.classList.add('btn', 'btn-primary');
button.addEventListener('click', myFunc);
button.id = i;
ul.appendChild(button);
}
document.getElementById("oldTodos").innerHTML = '';
document.getElementById("oldTodos").appendChild(ul);