根据用户 ID 更改背景图像并避免 CSP 不安全内联
[英]Change background image according to user ID and avoid CSP unsafe-inline
问题描述
I would like to avoid using unsafe-inline on style-src in my CSP header, but I have a problem with a background image.
我想避免在我的 CSP 标头中的 style-src 上使用 unsafe-inline,但我的背景图像有问题。 I change the background image of a specific element according to the ID of the user, therefore I can not have the background image url in the style.css, as I normally would do, because it will be different for each user.我根据用户的 ID 更改特定元素的背景图像,因此我不能像往常一样在 style.css 中包含背景图像 url,因为每个用户都会有所不同。
I thought about changing it through Javascript, but then I will still have unsafe inline style if i do something like this我想通过 Javascript 来改变它,但是如果我做这样的事情,我仍然会有不安全的内联样式
document.getElementById("picture").style.backgroundImage = "url('img'+ID)";
So is there any way to change the background image dynamically according to ID of the user AND avoid having style-src unsafe inline?那么有没有办法根据用户的 ID 动态更改背景图像并避免 style-src 内联不安全?
The code I have right now looks like this:我现在的代码如下所示:
echo '<div id="imagePreview'.$row['ID'].'" style="background-image: url(\'billeder/'.$row['ID'].'.jpg);"></div>';
1 个解决方案
解决方案1
0 2019-03-14 09:17:20
Dynamic stylesheet might help you.动态样式表可能对您有所帮助。 If you can't control CSP header.如果您无法控制 CSP 标头。
You should process one css file via php.您应该通过 php 处理一个 css 文件。
You can find more information at => http://thisinterestsme.com/dynamic-css-stylesheet-php/您可以在 => http://thisinterestsme.com/dynamic-css-stylesheet-php/找到更多信息
<?php
// Set the content-type header and charset.
header("Content-Type: text/css; charset=utf-8");
// Somehow get background image
$backgroundImage = "url(yourimage.jpg);";
?>
/** CSS begins **/
#imagePreview{
background-image: <?= $backgroundImage ; ?>;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.