如何修复 CSP 错误? '拒绝执行内联事件处理程序,因为它违反了以下内容安全策略指令......”
P粉781235689
P粉781235689 2023-08-30 11:44:31
0
1
854
<p>我在 script-src 中添加随机数值时收到 CSP 错误。 这是我正在设置的 CSP - 内容安全策略:默认 src '无'; script-src 'self' '不安全评估' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' '不安全哈希';连接-src'自我'; img-src“自身”数据:; style-src 'self' '不安全内联';对象-src'自我'; font-src'自身'数据:;</code></p> <p>我的JS文件内容是-</p> <pre class="brush:php;toolbar:false;"><html dir=&quot;ltr&quot;> <head> <meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot; /> <title> WebHelp Navigation Toolbar </title> <style> <!-- body {margin:0;} --> </style> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whver.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whutils.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whmsg.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whproxy.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whmozemu.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' src=&quot;whtbar.js&quot; charset=&quot;utf-8&quot;></script> <script nonce='b1967a39a02f45edbac95cbb4651bd12' type=&quot;text/javascript&quot; language=&quot;JavaScript1.2&quot;> //<![CDATA[ function printTopic() { var topicPane; if (top.frames[0].name == &quot;ContentFrame&quot;) topicPane = top.frames[0].frames[1].frames[1]; else topicPane = top.frames[1].frames[1]; topicPane.focus(); var msg = new whMessage(WH_MSG_PRINT, 0, 0); notify(msg); } //]]> </script> </head> <body marginheight=&quot;0&quot; marginwidth=&quot;0&quot; bgcolor=&quot;#363f48&quot; background=&quot;background.png&quot; scroll=&quot;no&quot;> <script nonce='b1967a39a02f45edbac95cbb4651bd12' language=&quot;javascript1.2&quot;> <!-- if (window.gbWhTBar) { setButtonFont(&quot;toc&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;toc&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;idx&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;idx&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;fts&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;fts&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;glo&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;glo&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); setButtonFont(&quot;searchform&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;searchform&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;, true); setButtonFont(&quot;banner&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;); setButtonFont(&quot;banner&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;, true); setButtonFont(&quot;custom15160&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;#a7abaf&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;); setButtonFont(&quot;custom15160&quot;,&quot;Arial&quot;,&quot;11pt&quot;,&quot;White&quot;,&quot;Normal&quot;,&quot;Normal&quot;,&quot;none&quot;, true); gsIToc = &quot;wht_toc_n.gif&quot;; gsITocS = &quot;wht_toc_h.gif&quot;; gsIIndex = &quot;wht_idx_n.gif&quot;; gsIIndexS = &quot;wht_idx_h.gif&quot;; gsISearch = &quot;wht_fts_n.gif&quot;; gsISearchS = &quot;wht_fts_h.gif&quot;; gsIGlossary = &quot;wht_glo_n.gif&quot;; gsIGlossaryS = &quot;wht_glo_h.gif&quot;; gsIWebSearch = &quot;wht_ws.gif&quot;; gsIWebSearchD = &quot;wht_ws_g.gif&quot;; gsIBanner = &quot;wht_logo1.gif&quot;; gsIGo = &quot;wht_go.gif&quot;; setBackgroundcolor(&quot;#363f48&quot;); setBackground(&quot;background.png&quot;); setAlignment(&quot;left&quot;); setGoImage(&quot;search-input-go.png&quot;); if (!gsBgImage) { setButtonBgColor(&quot;toc&quot;, gsBgColor); setButtonBgColor(&quot;idx&quot;, gsBgColor); setButtonBgColor(&quot;fts&quot;, gsBgColor); setButtonBgColor(&quot;glo&quot;, gsBgColor); setButtonBgColor(&quot;toc&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;idx&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;fts&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;glo&quot;, gsTBSelectedBgColor, true); setButtonBgColor(&quot;toc&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;idx&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;fts&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;glo&quot;,&quot;#363f48&quot;); setButtonBgColor(&quot;searchform&quot;,&quot;&quot;); setButtonBgColor(&quot;banner&quot;,&quot;&quot;); setButtonBgColor(&quot;custom15160&quot;,&quot;#363f48&quot;); } setButtonBgColor(&quot;toc&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;idx&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;fts&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;glo&quot;,&quot;#363f48&quot;, true); setButtonBgColor(&quot;searchform&quot;,&quot;&quot;, true); setButtonBgColor(&quot;banner&quot;,&quot;&quot;, true); setButtonBgColor(&quot;custom15160&quot;,&quot;#363f48&quot;, true); addButton(&quot;toc&quot;,BTN_TEXT|BTN_IMG,&quot;Contents&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;contents-unselected.png&quot;,&quot;contents-selected.png&quot;,&quot;&quot;,&quot;contents-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;fts&quot;,BTN_TEXT|BTN_IMG,&quot;Search&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;search-unselected.png&quot;,&quot;search-selected.png&quot;,&quot;&quot;,&quot;search-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;searchform&quot;,BTN_TEXT,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;custom15160&quot;,BTN_TEXT|BTN_IMG,&quot;Print&quot;,&quot;&quot;,&quot;printTopic();&quot;,&quot;&quot;,&quot;&quot;,0,0,&quot;print-unselected.png&quot;,&quot;print-selected.png&quot;,&quot;&quot;,&quot;print-selected.png&quot;,&quot;&quot;,&quot;&quot;); addButton(&quot;blankblock&quot;); writeStyle(false); ReSortToolbarButtons(); } else document.location.reload(); //--> </script> </body></pre> <p>从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。</p>
P粉781235689
P粉781235689

全部回复(1)
P粉237647645

错误消息表明您有一个内联事件处理程序,这意味着您在某处有一个 onclick、onblur、onchange 等属性。错误消息可能包含指向实际代码的链接。

要允许内联事件处理程序,您需要使用其中之一

  • “unsafe-hashes”和代码的哈希
  • '不安全内联'

但是,如果您能够重写代码,最好的选择是使用事件侦听器。

属性不是 nonceable,因此您的 nonce 方法不适用于这段代码。

热门教程
更多>
最新下载
更多>
网站特效
网站源码
网站素材
前端模板