gpt4 book ai didi

javascript - chrome 扩展上的“不安全评估”

转载 作者:搜寻专家 更新时间:2023-11-01 04:50:16 24 4
gpt4 key购买 nike

我正在尝试运行以下命令:

chrome.tabs.onCreated.addListener(function (tab){
if (tab.url.indexOf(".salesforce.com/") != -1 || tab.url.indexOf(".force.com/") != -1) {
chrome.tabs.executeScript(tab.id, {
"file": "loadScript.js"
}, function () {
console.log("Script Executed .. ");
});
} else {
var wrongTab = chrome.i18n.getMessage("wrongTab");
console.log(wrongTab);
alert(wrongTab);
}
});

应该(理论上)在页面加载时运行 loadScript.js 文件.... loadScript.js 文件如下,这应该将文件附加到运行页面,而不是按原样附加到背景页面目前:

/* Create a scriipt element in head of HTML and put /soap/ajax/31.0/connection.js in the src  */
var connectJsUrl = "/connection.js";

function loadScript(url, callback) {
var head = document.getElementsByTagName("head")[0];
var script = document.createElement("script");
script.src = url;
var done = false;
script.onload = script.onreadystatechange = function() {
if (!done && (!this.readyState || this.readyState == "loaded" || this.readyState == "complete")) {
done = true;
callback();
script.onload = script.onreadystatechange = null;
head.removeChild(script);
}
};
head.appendChild(script);
}

loadScript(connectJsUrl, function() {
console.log("Script Confirmed...")
});

/* Check to see if the file have been appended correctly and works correctly */
var JSFile = "chrome-extension://" + window.location.host + connectJsUrl;
var req = (window.XMLHttpRequest) ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
if (req == null) {
console.log("Error: XMLHttpRequest failed to initiate.");
};
req.onload = function() {
try {
eval(req.responseText);
} catch (e) {
console.log("There was an error in the script file.");
}
};
try {
req.open("GET", JSFile, true);
req.send(null);
} catch (e) {
console.log("Error retrieving data httpReq. Some browsers only accept cross-domain request with HTTP.");
};

我仍然是 Chrome 扩展和 .js 的新手,如果我犯了一个愚蠢的错误,请原谅我:)

我从这里得到的是:拒绝将字符串评估为 JavaScript,因为“unsafe-eval”不是以下内容安全策略指令中允许的脚本源:“script-src 'self' chrome-extension-resource:”。

最佳答案

为了防止跨站脚本,Google 屏蔽了 eval 函数。

要解决此问题,请将此代码添加到 ma​​nifest.json

"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",

如果您需要进一步解释,请发表评论

关于javascript - chrome 扩展上的“不安全评估”,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26242682/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com