启用内容安全策略时,轮播不起作用

时间:2016-05-14 17:52:05

标签: javascript twitter-bootstrap security carousel xss

我正在使用CSP而我的Javascript轮播无法正常工作,一切正常但旋转木马。 轮播CSS位于另一个文件中并起作用, Java脚本也位于另一个文件中,但不起作用。

我没有收到任何错误。

我做错了什么?

提前感谢您的时间。

CSP:

<meta http-equiv="Content-Security-Policy" content="style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css; script-src 'self' https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js; script-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js">

Carousel html:

           <div class="row">
                <div class="col-md-12">
                    <div class="carousel carousel-showsixmoveone slide" id="carousel123">
                        <div class="carousel-inner">
                            <div class="item active" ><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/1.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/7.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/1.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/7.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/2.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/8.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/9.jpg" class="img-responsive"></a></div></div>
                            <div class="item"><div class="col-xs-12 col-sm-4 col-md-2"><a href="#"><img src="img/bests/2.jpg" class="img-responsive"></a></div></div>
                        </div>
                        <div class="control">
                            <a href="#carousel123" data-slide="next"><img src="css/right.png"></a>
                            &nbsp;
                            &nbsp;
                            <a href="#carousel123" data-slide="prev"><img src="css/left.png"></a>
                        </div>
                    </div>
                </div>
            </div>

JavaScript文件

(function(){
    $('#carousel123').carousel({ interval: 2000 });
    $('#carouselABC').carousel({ interval: 3600 });
}());
(function(){
    $('.carousel-showsixmoveone .item').each(function(){
        var itemToClone = $(this);
        for (var i=1;i<6;i++) {
            itemToClone = itemToClone.next();
            if (!itemToClone.length) {
                itemToClone = $(this).siblings(':first');
            }
            itemToClone.children(':first-child').clone()
           .addClass("cloneditem-"+(i))
           .appendTo($(this));
        }
    });
}());

1 个答案:

答案 0 :(得分:3)

代码中不能有多个script-src 'self',因此CSP元将如下所示:

<meta http-equiv="Content-Security-Policy" content="
style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css;
script-src 'self' https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js">