我刚开始使用WordPress-我正在尝试制定内容安全策略,而不使用不安全的内联。我已经对一些内联脚本进行了哈希处理,并且大多数情况下它可以工作,除了一个主要问题(也存在其他问题)之外,该脚本的哈希值不断变化。这是脚本:
<script type='text/javascript'>
/* <![CDATA[ */
var DIVI = {"item_count":"%d Item","items_count":"%d Items"};
var et_shortcodes_strings = {"previous":"Vorherige","next":"N\u00e4chste"};
var et_pb_custom = {"ajaxurl":"https:\/\/mydomain.de\/wp-admin\/admin-ajax.php","images_uri":"https:\/\/mydomain.de\/wp-content\/themes\/Divi\/images","builder_images_uri":"https:\/\/mydomain.de\/wp-content\/themes\/Divi\/includes\/builder\/images","et_frontend_nonce":"ff33db4af0","subscription_failed":"Bitte \u00fcberpr\u00fcfen Sie die Felder unten aus, um sicherzustellen, dass Sie die richtigen Informationen eingegeben.","et_ab_log_nonce":"1c04296046","fill_message":"Bitte f\u00fcllen Sie die folgenden Felder aus:","contact_error_message":"Bitte folgende Fehler beheben:","invalid":"Ung\u00fcltige E-Mail","captcha":"Captcha","prev":"Vorherige","previous":"Vorherige","next":"Weiter","wrong_captcha":"Sie haben die falsche Zahl im Captcha eingegeben.","ignore_waypoints":"no","is_divi_theme_used":"1","widget_search_selector":".widget_search","is_ab_testing_active":"","page_id":"53","unique_test_id":"","ab_bounce_rate":"5","is_cache_plugin_active":"no","is_shortcode_tracking":"","tinymce_uri":""};
var et_pb_box_shadow_elements = [];
/* ]]> */
</script>
有人可以告诉我,如果希望通过这样的代码来改变哈希值,或者它可能是恶意软件的迹象,我的下一步就是问Divi的作者,这个代码块是否至关重要,以及该代码块是什么?如果CSP忽略它,它将丢失。
最好的问候