在HTML元素上嵌入onClick()函数不起作用
[英]Embedding an onClick() function on an HTML element doesn't work
问题描述
chrome.storage.sync.get(['player_info'], (data) => {
console.log('search')
console.log(data)
// data = list of possible players
let player_arr = data.player_info
for (let i = 0; i < player_arr.length; i++) {
document.getElementById("card-wrapper").innerHTML +=
`<div onclick="alert('clicked')" class="player_option">
<center>
<div class="card-img-small">
<a href="#">
<img id=\"player_img\" src="${player_arr[i].profile_img}" class="img-responsive">
</a>
</div>
</center>
<div class="card-body">
<div id="player-name" class="price-small">
${player_arr[i].name}
</div>`
}
})
I am dynamically rendering some items using the code above. 
我正在使用上面的代码动态渲染某些项目。 In the div wrapper, I added an alert function to check if it works, but nothing happens. 在div包装器中,我添加了一个alert功能来检查它是否有效,但是什么也没发生。 I inspected the element, and it looked like this: 我检查了元素,它看起来像这样:
<div onclick="alert('clicked')" class="player_option">
<center>
<div class="card-img-small">
<a href="#">
<img id="player_img" src="https://fmdataba.com/images/p/4348.png" class="img-responsive">
</a>
</div>
</center>
<div class="card-body">
<div id="player-name" class="price-small">
Paul Pogba
</div></div></div>
It seems like the function is embedded correctly, but the alert doesn't happen. 该函数似乎已正确嵌入,但没有发生alert 。 Any help? 有什么帮助吗?
EDIT 编辑
Actually realized I am getting this error: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. 实际上意识到我正在收到此错误: Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. I am building a Chrome Extension 我正在构建Chrome扩展程序
1 个解决方案
解决方案1
0 2019-07-06 07:44:22
In chrome apps and extentions, Content Security Policy does not allow inline javascript. 在chrome应用和扩展程序中,内容安全策略不允许使用内联JavaScript。 So you have to put your javascript in a .js file and include it in your HTML. 因此,您必须将JavaScript放在.js文件中,并将其包含在HTML中。
You have to use js event listener instead. 您必须改为使用js事件监听器。 Take a look at this: Refused to execute inline event handler because it violates CSP. 看一下这一点: 拒绝执行内联事件处理程序,因为它违反了CSP。 (SANDBOX) (沙盒)
If you still want to use js in onClick attributes, you could also change the Content Security Policy . 如果您仍想在onClick属性中使用js,则还可以更改Content Security Policy 。 Look at: Content Security Policy (CSP) under "Relaxing the default policy". 查看:“放松默认策略”下的“ 内容安全策略(CSP) ”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.