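如何修复 CSP 错误“拒绝执行内联事件处理程序,因为它违反了以下内容安全策略指令……”(Refused to execute inline event handler because it violates the following Content Security Policy directive)?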
P粉781235689
2023-08-30 11:44:31
<p>我在 script-src 中添加 nonce 值后收到了 CSP 错误。
这是我设置的 CSP:
<code>Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; font-src 'self' data:;</code></p>
<p>我的JS文件内容是-</p>
<pre class="brush:php;toolbar:false;"><html dir="ltr">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title> WebHelp Navigation Toolbar </title>
<style>
body { margin: 0; }
</style>
<!--
  External WebHelp scripts. Every script element in this listing carries the
  same nonce literal.
  NOTE(review): a nonce only protects the page when the server issues a fresh,
  unpredictable value with each response and writes it into both the policy
  header and these attributes. The value here is a fixed literal - confirm it
  is templated per response and not stored in the static file.
  These files use relative URLs, so they are presumably already allowed by
  'self' in script-src; the nonce matters for the inline script elements.
-->
<script charset="utf-8" src="whver.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script charset="utf-8" src="whutils.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script charset="utf-8" src="whmsg.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script charset="utf-8" src="whproxy.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script charset="utf-8" src="whmozemu.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script charset="utf-8" src="whtbar.js" nonce="b1967a39a02f45edbac95cbb4651bd12"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12' type="text/javascript" language="JavaScript1.2">
//<![CDATA[
/**
 * Print the help topic currently shown in the topic frame.
 *
 * The topic frame is picked by position: when the first top-level frame is
 * named "ContentFrame" it is top.frames[0].frames[1].frames[1], otherwise it
 * is top.frames[1].frames[1]. That frame is focused and a WH_MSG_PRINT
 * message is handed to notify().
 *
 * NOTE(review): in this listing the function is referenced only through the
 * code string "printTopic();" passed to addButton() for the Print button, so
 * it is presumably invoked from an inline event-handler attribute written by
 * the toolbar script. A CSP nonce cannot authorise such an attribute; confirm
 * in whtbar.js.
 */
function printTopic() {
  var usesContentFrame = top.frames[0].name == "ContentFrame";
  // The frameset that holds the topic pane sits one level deeper in the
  // "ContentFrame" layout.
  var frameset = usesContentFrame ? top.frames[0].frames[1] : top.frames[1];
  var topicPane = frameset.frames[1];
  topicPane.focus();
  notify(new whMessage(WH_MSG_PRINT, 0, 0));
}
//]]>
</script>
</head>
<body marginheight="0" marginwidth="0" bgcolor="#363f48" background="background.png" scroll="no">
<script nonce='b1967a39a02f45edbac95cbb4651bd12' language="javascript1.2">
<!--
// Toolbar set-up for the WebHelp navigation frame: fonts, images, colours and
// buttons are registered through helpers that are not defined in this listing
// (presumably in whtbar.js), then the toolbar is written out.
//
// NOTE(review): the Print button is registered with the code string
// "printTopic();" as its fifth argument. Presumably the toolbar script writes
// that string into an inline event-handler attribute (onclick or similar)
// when it renders the button; confirm in whtbar.js. A nonce on the script
// elements does not cover event-handler attributes, which would explain the
// "Refused to execute inline event handler" violation. Binding the handler
// with addEventListener inside the toolbar script removes the need for
// 'unsafe-hashes' or 'unsafe-inline'.
(function () {
  if (!window.gbWhTBar) {
    // The flag is not set: reload the frame. If the flag is never set (for
    // example because a script was blocked), this runs again on every load.
    document.location.reload();
    return;
  }

  // The function scope keeps these helper variables out of the global scope.
  var navTabs = ["toc", "idx", "fts", "glo"];
  var i;

  // Normal and selected fonts, in the same call order as before.
  for (i = 0; i < navTabs.length; i++) {
    setButtonFont(navTabs[i], "Arial", "11pt", "#a7abaf", "Normal", "Normal", "none");
    setButtonFont(navTabs[i], "Arial", "11pt", "White", "Normal", "Normal", "none", true);
  }
  setButtonFont("searchform", "Arial", "11pt", "#a7abaf", "Normal", "Normal", "none");
  setButtonFont("searchform", "", "", "", "", "", "", true);
  setButtonFont("banner", "", "", "", "", "", "");
  setButtonFont("banner", "", "", "", "", "", "", true);
  setButtonFont("custom15160", "Arial", "11pt", "#a7abaf", "Normal", "Normal", "none");
  setButtonFont("custom15160", "Arial", "11pt", "White", "Normal", "Normal", "none", true);

  // Image file names; assigned without var, exactly as in the original.
  gsIToc = "wht_toc_n.gif";
  gsITocS = "wht_toc_h.gif";
  gsIIndex = "wht_idx_n.gif";
  gsIIndexS = "wht_idx_h.gif";
  gsISearch = "wht_fts_n.gif";
  gsISearchS = "wht_fts_h.gif";
  gsIGlossary = "wht_glo_n.gif";
  gsIGlossaryS = "wht_glo_h.gif";
  gsIWebSearch = "wht_ws.gif";
  gsIWebSearchD = "wht_ws_g.gif";
  gsIBanner = "wht_logo1.gif";
  gsIGo = "wht_go.gif";

  setBackgroundcolor("#363f48");
  setBackground("background.png");
  setAlignment("left");
  setGoImage("search-input-go.png");

  // Extra background colours are applied only when gsBgImage is falsy.
  if (!gsBgImage) {
    for (i = 0; i < navTabs.length; i++) {
      setButtonBgColor(navTabs[i], gsBgColor);
    }
    for (i = 0; i < navTabs.length; i++) {
      setButtonBgColor(navTabs[i], gsTBSelectedBgColor, true);
    }
    for (i = 0; i < navTabs.length; i++) {
      setButtonBgColor(navTabs[i], "#363f48");
    }
    setButtonBgColor("searchform", "");
    setButtonBgColor("banner", "");
    setButtonBgColor("custom15160", "#363f48");
  }

  // Selected-state background colours are always applied.
  for (i = 0; i < navTabs.length; i++) {
    setButtonBgColor(navTabs[i], "#363f48", true);
  }
  setButtonBgColor("searchform", "", true);
  setButtonBgColor("banner", "", true);
  setButtonBgColor("custom15160", "#363f48", true);

  addButton("toc", BTN_TEXT | BTN_IMG, "Contents", "", "", "", "", 0, 0, "contents-unselected.png", "contents-selected.png", "", "contents-selected.png", "", "");
  addButton("fts", BTN_TEXT | BTN_IMG, "Search", "", "", "", "", 0, 0, "search-unselected.png", "search-selected.png", "", "search-selected.png", "", "");
  addButton("searchform", BTN_TEXT, "", "", "", "", "", 0, 0, "", "", "", "", "", "");
  // The only button here that carries a code string; see the review note at the top.
  addButton("custom15160", BTN_TEXT | BTN_IMG, "Print", "", "printTopic();", "", "", 0, 0, "print-unselected.png", "print-selected.png", "", "print-selected.png", "", "");
  addButton("blankblock");

  writeStyle(false);
  ReSortToolbarButtons();
})();
//-->
</script>
</body></pre>
<p>从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。</p>
错误消息表明您有一个内联事件处理程序,这意味着您在某处有一个 onclick、onblur、onchange 等属性。错误消息可能包含指向实际代码的链接。
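要允许内联事件处理程序,您需要使用以下方式之一:在 script-src 中使用 'unsafe-inline'(同一指令中不能同时出现 nonce 或哈希,否则浏览器会忽略 'unsafe-inline');或者使用 'unsafe-hashes',并同时列出每个事件处理程序代码的哈希值(形如 'sha256-…')。问题中的策略只写了 'unsafe-hashes' 而没有任何哈希,因此不会放行任何处理程序。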
但是,如果您能够重写代码,最好的选择是使用事件侦听器。
事件处理程序属性(如 onclick)无法携带 nonce,nonce 只对 script 元素生效,因此您的 nonce 方法不适用于这段代码。