如何修复 CSP 错误? “拒绝执行内联事件处理程序,因为它违反了以下内容安全策略指令......”
P粉781235689 2023-08-30 11:44:31
[HTML讨论组]

我在 script-src 中添加 nonce 值后收到 CSP 错误。这是我设置的 CSP —— Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; frame-src 'self' 'nonce-b1967a39a02f45edbac95cbb4651bd12' 'unsafe-hashes'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; font-src 'self' data:;

我的JS文件内容是-

<html dir="ltr">
<head>
<!-- WebHelp navigation toolbar frame. The question serves this page under a nonce based
     Content-Security-Policy, so every script element below carries the same nonce value. -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> WebHelp Navigation Toolbar </title>



<style>
<!--
body {margin:0;}
-->
</style>
<!-- NOTE(review): a nonce authorises script elements only; it has no effect on on* attributes
     that these scripts may later write into the page. The six files are loaded by relative
     URL, so 'self' in script-src already appears to cover them (confirm the serving origin).
     A nonce is meant to be unpredictable and regenerated for every response, matching the
     value in the header. If this value is fixed in the static file, it no longer separates
     trusted script from injected script. TODO confirm how it is generated. -->
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whver.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whutils.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whmsg.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whproxy.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whmozemu.js" charset="utf-8"></script>
<script nonce='b1967a39a02f45edbac95cbb4651bd12'  src="whtbar.js" charset="utf-8"></script>

<script nonce='b1967a39a02f45edbac95cbb4651bd12' type="text/javascript" language="JavaScript1.2">
//<![CDATA[
/**
 * Ask the topic pane to print itself.
 *
 * Picks the topic frame according to the frameset layout, gives it focus, then
 * sends a WH_MSG_PRINT message through notify(). whMessage, notify and
 * WH_MSG_PRINT are defined outside this block (presumably in the wh*.js files
 * loaded above; confirm).
 *
 * NOTE(review): this page passes the text "printTopic();" to addButton rather
 * than a function reference. If that text ends up in an on* attribute, a
 * nonce-based script-src will refuse to run it, because a nonce on this
 * <script> element does not extend to handler attributes.
 */
function printTopic() {
    // The topic pane sits one level deeper when the first top-level frame is "ContentFrame".
    var nestedLayout = top.frames[0].name == "ContentFrame";
    var pane = nestedLayout
        ? top.frames[0].frames[1].frames[1]
        : top.frames[1].frames[1];

    pane.focus();
    notify(new whMessage(WH_MSG_PRINT, 0, 0));
}


//]]>
</script>
</head>
<body marginheight="0"  marginwidth="0"  bgcolor="#363f48"    background="background.png"  scroll="no">
<script nonce='b1967a39a02f45edbac95cbb4651bd12' language="javascript1.2">
<!--
// Toolbar set-up for the WebHelp navigation frame. Runs only when window.gbWhTBar is truthy
// (presumably set by whtbar.js; confirm); otherwise the else branch at the end reloads the page.
// Every helper called here (setButtonFont, setButtonBgColor, addButton, ...) is defined outside
// this block, so their exact effects cannot be verified from this listing.
if (window.gbWhTBar)
{
    // Font settings per button id. The calls with a trailing `true` look like the
    // selected/highlighted variant of the same button (TODO confirm against whtbar.js).
    setButtonFont("toc","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("toc","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("idx","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("idx","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("fts","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("fts","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("glo","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("glo","Arial","11pt","White","Normal","Normal","none", true);
setButtonFont("searchform","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("searchform","","","","","","", true);
setButtonFont("banner","","","","","","");
setButtonFont("banner","","","","","","", true);
setButtonFont("custom15160","Arial","11pt","#a7abaf","Normal","Normal","none");
setButtonFont("custom15160","Arial","11pt","White","Normal","Normal","none", true);

    // Image file names written to globals that are declared outside this block.
    gsIToc = "wht_toc_n.gif";
    gsITocS = "wht_toc_h.gif";
    gsIIndex = "wht_idx_n.gif";
    gsIIndexS = "wht_idx_h.gif";
    gsISearch = "wht_fts_n.gif";
    gsISearchS = "wht_fts_h.gif";
    gsIGlossary = "wht_glo_n.gif";
    gsIGlossaryS = "wht_glo_h.gif";
    gsIWebSearch = "wht_ws.gif";
    gsIWebSearchD = "wht_ws_g.gif";
    gsIBanner = "wht_logo1.gif";
    gsIGo = "wht_go.gif";
    setBackgroundcolor("#363f48");
    setBackground("background.png");
    setAlignment("left");
    setGoImage("search-input-go.png");
    
    // These background colours are applied only when gsBgImage is falsy. The later calls
    // for the same ids repeat the earlier ones with explicit values, so order matters here.
    if (!gsBgImage)
    {
    setButtonBgColor("toc", gsBgColor);
    setButtonBgColor("idx", gsBgColor);
    setButtonBgColor("fts", gsBgColor);
    setButtonBgColor("glo", gsBgColor);
    setButtonBgColor("toc", gsTBSelectedBgColor, true);
    setButtonBgColor("idx", gsTBSelectedBgColor, true);
    setButtonBgColor("fts", gsTBSelectedBgColor, true);
    setButtonBgColor("glo", gsTBSelectedBgColor, true);
    setButtonBgColor("toc","#363f48");
setButtonBgColor("idx","#363f48");
setButtonBgColor("fts","#363f48");
setButtonBgColor("glo","#363f48");
setButtonBgColor("searchform","");
setButtonBgColor("banner","");
setButtonBgColor("custom15160","#363f48");

    }
    // Unconditional: background colours for the `true` variant of each button.
    setButtonBgColor("toc","#363f48", true);
setButtonBgColor("idx","#363f48", true);
setButtonBgColor("fts","#363f48", true);
setButtonBgColor("glo","#363f48", true);
setButtonBgColor("searchform","", true);
setButtonBgColor("banner","", true);
setButtonBgColor("custom15160","#363f48", true);

    // NOTE(review): the "Print" button below is given the text "printTopic();" instead of a
    // function reference. If addButton (in whtbar.js, not shown) writes that text into an
    // onclick-style attribute or a javascript: URL, this is the likely source of the
    // "Refused to execute inline event handler" report: a nonce covers <script> elements,
    // never handler attributes. Confirm in whtbar.js. The CSP-compatible fix is to have the
    // toolbar code attach the handler with addEventListener from nonce-authorised script,
    // rather than loosening script-src.
    addButton("toc",BTN_TEXT|BTN_IMG,"Contents","","","","",0,0,"contents-unselected.png","contents-selected.png","","contents-selected.png","","");
addButton("fts",BTN_TEXT|BTN_IMG,"Search","","","","",0,0,"search-unselected.png","search-selected.png","","search-selected.png","","");
addButton("searchform",BTN_TEXT,"","","","","",0,0,"","","","","","");
addButton("custom15160",BTN_TEXT|BTN_IMG,"Print","","printTopic();","","",0,0,"print-unselected.png","print-selected.png","","print-selected.png","","");

    addButton("blankblock");
    // NOTE(review): writeStyle and ReSortToolbarButtons are defined elsewhere. If they emit
    // markup containing on* attributes, that markup falls under the same restriction; confirm.
    writeStyle(false);
    ReSortToolbarButtons();
}
else
    // gbWhTBar is not set: reload the page. NOTE(review): if the helper scripts never load
    // (for example because a policy blocks them), this would reload on every load; confirm.
    document.location.reload();
//-->
</script>
</body>

从 script-src 中删除“unsafe-inline”并添加“nonce-b1967a39a02f45edbac95cbb4651bd12”后,我收到此错误。在这个问题上纠结了好久。需要一些指导。提前致谢。


全部回复(1)
P粉237647645

错误消息表明您有一个内联事件处理程序,这意味着您在某处有一个 onclick、onblur、onchange 等属性。错误消息可能包含指向实际代码的链接。

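要允许内联事件处理程序,您需要在 script-src 中使用以下之一:

  • 'unsafe-hashes' 加上该处理程序代码的哈希值(只写 'unsafe-hashes' 而不提供对应的哈希,不会放行任何处理程序)
  • 'unsafe-inline'(注意:同一指令中只要存在 nonce 或哈希,浏览器就会忽略 'unsafe-inline')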

但是,如果您能够重写代码,最好的选择是使用事件侦听器。

事件处理程序属性无法附加 nonce(nonce 只对 <script> 和 <style> 元素生效),因此您的 nonce 方法不适用于这段代码。
