使用jQuery时为CSS样式启用Content Security Policy style-src'self'

时间:2019-06-17 04:16:26

标签: java jquery css content-security-policy websecurity

我想通过在const total = document.querySelectorAll(".tot") const price = document.querySelectorAll(".cost"); let textval = document.querySelectorAll('.qty-item'); const cal = document.getElementById("calc"); const errorMessage = document.querySelectorAll('.error'); // let theform = document.querySelector(".theform"); let newitem = document.querySelector('.new-item'); let createBtn = document.getElementById("create"); let theItem = document.querySelector(".newStuff"); // form.addEventListener("click",function(e){ let theHtml = ` <div> <span class="cost">${newitem.value}</span> </div> <div class="qty"> <label>QTY:</label><input placeholder="0" class="qty-item"> </div> <div class="tot"> <span><label>TOTAL</label> $0.0</span> </div> ` }); cal.addEventListener('mouseover', function(e) { console.log('total', total); for (var i = 0; i < price.length; i++) { let xPrice = price[i].innerHTML.split("$"); let parsePrice = parseFloat(xPrice[1]); if (textval[i].value === "" || isNaN(textval[i].value)) { console.log("No Good"); } else { let x = parseFloat(textval[i].value); let y = parsePrice; let z = x * y; total[i].innerText = z.toFixed(2); total[i].innerText = z; for (let k = 0; k < total.length; k++) { let j = parseFloat(total[k].innerHTML); console.log(j); } } } }); <body> <div class="main"> <span class="title">A Title</span> </div> <div class="content"> <div class="item"> <span>Item 1</span> </div> <div> <span class="cost">$100.00</span> </div> <div id="qty"> <label>QTY:</label><input placeholder="0" class="qty-item"> <p class="error"></p> </div> <div class="tot"> <span><label>TOTAL</label> $0.0</span> </div> </div> <br><br> <div class="main"> <span class="title">A Title</span> </div> <div class="content"> <div class="item"> <span>Item 2</span> </div> <div> <span class="cost">$50.00</span> </div> <div class="qty"> <label>QTY:</label><input placeholder="0" class="qty-item"> <p class="error"></p> </div> <div class="tot"> <span><label>TOTAL</label> $0.0</span> </div> </div> <form class ='theform'> <label>NewItem</label><input placeholder="0" class="new-item"> <button id="create">create</button> </form> <span class ="newStuff"></span> <div class="calc-button"> <button id="calc">Calculate Prices</button> </div> </body> 中设置style-src = 'self'来限制将CSS样式注入到jsp页面中。但是我使用的jQuery试图将样式注入到页面中。

  

jquery-3.4.1.min.js:2拒绝应用内联样式,因为它   违反以下内容安全策略指令:“ style-src   'self'“。要么是'unsafe-inline'关键字,要么是一个哈希   ('sha256- + PA1W6zRh5Oc60l8KTKpT7oxFVzjAUR9eAI5Pkr7MGE =')或随机数   (“ nonce -...”)才能启用内联执行。

HttpSecurity.headers().contentSecurityPolicy();

使用jQuery时如何为CSS样式启用Content Security Policy style-src'self'?

0 个答案:

没有答案
相关问题
最新问题