如何修复chrome扩展内联JavaScript调用错误?
我正在制作一个chrome扩展,但是当我试图触发onclick()事件时,似乎出现了以下错误 及 这是我的manifest.json:如何修复chrome扩展内联JavaScript调用错误?,javascript,google-chrome,google-chrome-extension,content-security-policy,Javascript,Google Chrome,Google Chrome Extension,Content Security Policy,我正在制作一个chrome扩展,但是当我试图触发onclick()事件时,似乎出现了以下错误 及 这是我的manifest.json: { "manifest_version": 2, "name": "SECURE", "description": "this extension offers secure communication for GMAIL users", "version": "1.0", "browser_action": { "default
{
"manifest_version": 2,
"name": "SECURE",
"description": "this extension offers secure communication for GMAIL users",
"version": "1.0",
"browser_action": {
"default_icon": "resources/icon16.png",
"default_popup": "popup.html",
"default_title": "Click here!"
},
"background":{
"scripts":["background.js"]
},
"content_scripts": [
{
"matches": ["http://*/*", "https://*/*"],
"js":["myscript.js"],
"run_at": "document_end"
}
],
"permissions": ["identity", "https://accounts.google.com/*", "https://www.googleapis.com/*"],
"oauth2": {
"client_id": "975410329966.apps.googleusercontent.com",
"scopes": [
"<all urls>",
"https://www.googleapis.com/auth/drive",
"https://mail.google.com/",
"https://www.googleapis.com/auth/gmail.login",
"https://www.googleapis.com/auth/gmail.compose",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send"
],
"content_security_policy":"script-src 'self' 'unsafe-inline' 'unsafe eval' https://apis.google.com/js/client.js?; object-src 'self'"
}
}
{
“清单版本”:2,
“名称”:“安全”,
“说明”:“此扩展为GMAIL用户提供安全通信”,
“版本”:“1.0”,
“浏览器操作”:{
“默认图标”:“resources/icon16.png”,
“默认弹出窗口”:“popup.html”,
“默认标题”:“单击此处!”
},
“背景”:{
“脚本”:[“background.js”]
},
“内容脚本”:[
{
“匹配项”:[“http://*/*”,“https://*/*”],
“js”:[“myscript.js”],
“运行时间”:“文档结束”
}
],
“权限”:[“标识”https://accounts.google.com/*", "https://www.googleapis.com/*"],
“oauth2”:{
“客户id”:“975410329966.apps.googleusercontent.com”,
“范围”:[
"",
"https://www.googleapis.com/auth/drive",
"https://mail.google.com/",
"https://www.googleapis.com/auth/gmail.login",
"https://www.googleapis.com/auth/gmail.compose",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send"
],
“内容安全策略”:“脚本src'self”“不安全内联”“不安全评估”https://apis.google.com/js/client.js?;对象src“self”
}
}
如果您能帮助修复此错误,我们将不胜感激。默认情况下,不会加载内联脚本,只能加载本地脚本。您可以通过以下方式放宽默认策略:
https://apis.google.com/js/client.js?onload=handleClientLoad
在manifest.json
"content_security_policy":"script-src 'self' https://apis.google.com; object-src 'self'"
另外,我认为更好的方法是下载远程client.js
并将其作为本地脚本包含。不安全内联
不再有效
在Chrome45之前,没有任何机制可以放松对执行内联JavaScript的限制。特别是,设置包含“不安全内联”的脚本策略将无效
我通过将所有内容外包到JavaScript文件中解决了这个问题。 因此,与JS文件中html中的onclick方法不同:
window.onload = function () {
document.getElementById("button").onclick = <function>;
}
window.onload=函数(){
document.getElementById(“按钮”).onclick=;
}
您可以使用此选项,而不是在外部文件中单击:
document.getElementById("#divId").addEventListener("click", myFunction);
可能重复的
window.onload = function () {
document.getElementById("button").onclick = <function>;
}
document.getElementById("#divId").addEventListener("click", myFunction);