问题描述
根据Chrome内容安全策略的变化,我已将所有脚本移动到单独的文件中,并在HTML页面(背景和弹出窗口)中引用它们以扩展我的Chrome扩展。但我仍然收到以下消息: 拒绝执行内联脚本,因为它违反了以下内容安全策略
指令: script-srcself'chrome-extension-resource:。
这是我的背景页面
< HTML>
< head>
< script type =text / javascriptsrc =jquery.js>< / script>
< script type =text / javascriptsrc =background.js>< / script>
< / head>
<! - < body onload =Load();> - >
< body>
< / body>
< / html>
您看到没有内联js,但错误消息一直存在。我的代码有什么问题,我该如何解决它?
注意:我使用清单版本2和chrome版本21.0.1180.89
谢谢
为了显示版本2,扩展的代码和引用的库的代码必须兼容CSP。
更新jquery库应该足够了。 Jquery支持CSP的这个bug:
In light of change in chrome's content security policy, I have moved all the script in separate files and referencing them in html pages (background and popup) for my chrome extension. But I still get the following message
Refused to execute inline script because it violates the following Content Security Policy
directive: "script-src 'self' chrome-extension-resource:".
This is my background page
<html>
<head>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="background.js"></script>
</head>
<!--<body onload = "Load();">-->
<body>
</body>
</html>
You see there is no inline js but the error message is till there. What's the problem with my code and how can I fix it?
Note: I am using manifest version 2 and chrome version 21.0.1180.89
Thanks
As the previous answer suggests when you update your extension to manifest version 2 the code of the extension and the code of the referred libraries have to be CSP compatible.
Updating your jquery library should be enough. Jquery supported CSP with this bug:http://bugs.jquery.com/ticket/11249
这篇关于谷歌浏览器:拒绝执行内联脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!