Bagaimana untuk membetulkan ralat CSP? "Pelaksanaan pengendali acara sebaris dinafikan kerana ia melanggar arahan Dasar Keselamatan Kandungan berikut..."
P粉781235689
P粉781235689 2023-08-30 11:44:31
0
1
828
<p>我在 script-src 中添加随机数值时收到 CSP 错误。 这是我正在设置的 CSP - 内容安全策略:默认 src '无'; script-src 'self' '不安全评估' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希';连接-src'自我'; img-src“自身”数据:; style-src 'self' '不安全内联';对象-src'自我'; font-src'自身'数据:;</code></p> <p>我的JS文件内容是-</p> <pre class="brush:php;toolbar:false;"><html dir=&quot;ltr&quot;> <head> <meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot; /> <title> WebHelp Navigation Toolbar </title> <style> <!-- body {margin:0;} --> </style> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whver.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whutils.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whmsg.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whproxy.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whmozemu.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whtbar.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' type=&quot;text/javascript&quot; language=&quot;JavaScript1.2&quot;> //<![CDATA[ function printTopic() { var topicPane; if (top.frames[0].name == &quot;ContentFrame&quot;) topicPane = top.frames[0].frames[1].frames[1]; else topicPane = top.frames[1].frames[1]; topicPane.focus(); var msg = new whMessage(WH_MSG_PRINT, 0, 0); notify(msg); } //]]> </script> </head> <body marginheight=&quot;0&quot; marginwidth=&quot;0&quot; bgcolor=&quot;#363f48&quot; background=&quot;background.png&quot; scroll=&quot;no&quot;> <script nonce='b1967a39a02f45edbac95cbb4651bd12' language=&quot;javascript1.2&quot;> <!-- if (window.gbWhTBar) { setButtonFont(&quot;toc&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;toc&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;idx&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;idx&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;fts&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;fts&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;glo&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;glo&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;searchform&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;searchform&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;, true); setButtonFont(&quot;banner&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;); setButtonFont(&quot;banner&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;, true); setButtonFont(&quot;custom15160&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;custom15160&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); gsIToc = &quot;wht_toc_n.gif&quot;; gsITocS = &quot;wht_toc_h.gif&quot;; gsIIndex = &quot;wht_idx_n.gif&quot;; gsIIndexS = &quot;wht_idx_h.gif&quot;; gsISearch = &quot;wht_fts_n.gif&quot;; gsISearchS = &quot;wht_fts_h.gif&quot;; gsIGlossary = &quot;wht_glo_n.gif&quot;; gsIGlossaryS = &quot;wht_glo_h.gif&quot;; gsIWebSearch = &quot;wht_ws.gif&quot;; gsIWebSearchD = &quot;wht_ws_g.gif&quot;; gsIBanner = &quot;wht_logo1.gif&quot;; gsIGo = &quot;wht_go.gif&quot;; setBackgroundcolor(&quot;#363f48&quot;); setBackground(&quot;background.png&quot;); setAlignment(&quot;left&quot;); setGoImage(&quot;search-input-go.png&quot;); if (!gsBgImage) { setButtonBgColor(&quot;toc&quot;, gsBgColor); setButtonBgColor(&quot;idx&quot;, gsBgColor); setButtonBgColor(&quot;fts&quot;, gsBgColor); setButtonBgColor(&quot;glo&quot;, gsBgColor); setButtonBgColor(&quot;toc&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;idx&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;fts&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;glo&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;toc&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;idx&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;fts&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;glo&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;searchform&quot;,&quot;&quot;); setButtonBgColor(&quot;banner&quot;,&quot;&quot;); setButtonBgColor(&quot;custom15160&quot;,&quot;#363f48&quot;); } setButtonBgColor(&quot;toc&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;idx&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;fts&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;glo&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;searchform&quot;,&quot;&quot;, true); setButtonBgColor(&quot;banner&quot;,&quot;&quot;, true); setButtonBgColor(&quot;custom15160&quot;,&quot;#363f48&quot;, true); addButton(&quot;toc&quot;,BTN_TEXT|BTN_IMG,&quot;Contents&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;contents-unselected.png&quot;,&quot;contents-selected.png&quot;,&quot;&quot;,&quot;contents-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;fts&quot;,BTN_TEXT|BTN_IMG,&quot;Search&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;search-unselected.png&quot;,&quot;search-selected.png&quot;,&quot;&quot;,&quot;search-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;searchform&quot;,BTN_TEXT,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;custom15160&quot;,BTN_TEXT|BTN_IMG,&quot;Print&quot;,&quot;&quot;,&quot;printTopic();&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;print-unselected.png&quot;,&quot;print-selected.png&quot;,&quot;&quot;,&quot;print-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;blankblock&quot;); writeStyle(false); ReSortToolbarButtons(); } else document.location.reload(); //--> </script> </body></pre> <p>从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。</p>
P粉781235689
P粉781235689

membalas semua(1)
P粉237647645

Mesej ralat menunjukkan bahawa anda mempunyai pengendali acara sebaris, yang bermaksud anda mempunyai atribut onclick, onblur, onchange, dll. di suatu tempat. Mesej ralat mungkin mengandungi pautan ke kod sebenar.

Untuk membenarkan pengendali acara sebaris, anda perlu menggunakan salah satu daripada ini

  • "cincang tidak selamat" dan cincang kod
  • 'sebaris tidak selamat'

Walau bagaimanapun, jika anda dapat menulis semula kod, pilihan terbaik anda ialah menggunakan pendengar acara.

Harta ini bukan nonceable, jadi kaedah nonce anda tidak akan berfungsi dengan kod ini.

Muat turun terkini
Lagi>
kesan web
Kod sumber laman web
Bahan laman web
Templat hujung hadapan