chrome extension Content Security Policy “Refused to execute inline event handler” error

在chrome extension 動態產生內容時,發生錯誤訊息:


Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

解法:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_hashes

Note that inline event handlers are blocked as well:

HTMLCopy to Clipboard

<button id="btn" onclick="doSomething()"></button>

You should replace them with addEventListener calls:

JSCopy to Clipboard

document.getElementById("btn").addEventListener("click", doSomething);

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *