我正在尝试从chrome示例扩展安装新闻阅读器
但如果不做出改变,它就不起作用。因此,因为它想要清单v2,我将manifest_version: 2
添加到清单中,这给了我以下内容:
{
"name": "__MSG_name__",
"version": "1.1",
"manifest_version": 2,
"description": "__MSG_description__",
"icons": { "128": "news_icon.png" },
"browser_action": {
"default_title": "__MSG_default_title__",
"default_icon": "news_action.png",
"default_popup": "feed.html"
},
"permissions": [
"tabs",
"http://news.google.com/*",
"http://news.google.es/*"
],
"default_locale": "en"
}
但是我该如何更新它来修复以下错误:
feed.html:75 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
feed.html:103 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
feed.html:308 Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
在内容安全策略文档中有一个方便的指南。它还提到,在内联脚本的情况下,不能通过修改CSP本身来解决这个问题。
具体来说,请阅读关于内联脚本的部分。
简而言之,在您的情况下需要进行以下更改(基于错误):
-
如果有任何
<script> /* some code */ </script>
块,则需要将它们移动到一个单独的文件中并加载<script src="file.js"></script>
-
如果有像
<div onclick="clickHandler()">
或<body onload="load()">
这样的内联处理程序,则需要将它们转换为addEventListener
格式,并从包含的JS代码中执行。有关示例,请参阅文档。
不要犹豫,在https://crbug.com表示样品已过期。