[英]Embedding an onClick() function on an HTML element doesn't work
chrome.storage.sync.get(['player_info'], (data) => {
console.log('search')
console.log(data)
// data = list of possible players
let player_arr = data.player_info
for (let i = 0; i < player_arr.length; i++) {
document.getElementById("card-wrapper").innerHTML +=
`<div onclick="alert('clicked')" class="player_option">
<center>
<div class="card-img-small">
<a href="#">
<img id=\"player_img\" src="${player_arr[i].profile_img}" class="img-responsive">
</a>
</div>
</center>
<div class="card-body">
<div id="player-name" class="price-small">
${player_arr[i].name}
</div>`
}
})
I am dynamically rendering some items using the code above. 我正在使用上面的代码动态渲染某些项目。 In the
div
wrapper, I added an alert
function to check if it works, but nothing happens. 在
div
包装器中,我添加了一个alert
功能来检查它是否有效,但是什么也没发生。 I inspected the element, and it looked like this: 我检查了元素,它看起来像这样:
<div onclick="alert('clicked')" class="player_option">
<center>
<div class="card-img-small">
<a href="#">
<img id="player_img" src="https://fmdataba.com/images/p/4348.png" class="img-responsive">
</a>
</div>
</center>
<div class="card-body">
<div id="player-name" class="price-small">
Paul Pogba
</div></div></div>
It seems like the function is embedded correctly, but the alert
doesn't happen. 该函数似乎已正确嵌入,但没有发生
alert
。 Any help? 有什么帮助吗?
EDIT 编辑
Actually realized I am getting this error: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
实际上意识到我正在收到此错误:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
I am building a Chrome Extension 我正在构建Chrome扩展程序
In chrome apps and extentions, Content Security Policy does not allow inline javascript. 在chrome应用和扩展程序中,内容安全策略不允许使用内联JavaScript。 So you have to put your javascript in a .js file and include it in your HTML.
因此,您必须将JavaScript放在.js文件中,并将其包含在HTML中。
You have to use js event listener instead. 您必须改为使用js事件监听器。 Take a look at this: Refused to execute inline event handler because it violates CSP.
看一下这一点: 拒绝执行内联事件处理程序,因为它违反了CSP。 (SANDBOX)
(沙盒)
If you still want to use js in onClick
attributes, you could also change the Content Security Policy
. 如果您仍想在
onClick
属性中使用js,则还可以更改Content Security Policy
。 Look at: Content Security Policy (CSP) under "Relaxing the default policy". 查看:“放松默认策略”下的“ 内容安全策略(CSP) ”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.