You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The script-src does not allow execution of inline scripts (does not have "unsafe-inline"), so Firefox disables inline scripts in the page. As a result, the userscript that is the subject of this thread can inject the script but Firefox will not execute it.
The "solution" is to execute the code from the userscript. I was able to inject a button into the page with an event listener pointing back at the userscript, so at least a basic UI is possible. But I'm not sure about more complicated stuff.
Tested Script:
function yellowbod(){ document.body.style.backgroundColor = "yellow"; } var s=document.createElement("button"); s.addEventListener("click", yellowbod, false); s.appendChild(document.createTextNode("TEST")); document.body.appendChild(s);
Edit: Here's a page to test some of the possible script-src directives against bookmarklets and userscripts:
做在 bookmarklet 上,chrome 總能快快地成功執行,但在 firefox 上常會有類似的錯誤訊息產生,而無法執行:
查詢到這篇可能是可解決的方向:
Doesn't work because of Content Security Policy - Greasy Forum
default-src *; script-src assets-cdn.github.com www.google-analytics.com collector-cdn.github.com; object-src assets-cdn.github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets-cdn.github.com; font-src assets-cdn.github.com
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#Supported_policy_directives
function yellowbod(){ document.body.style.backgroundColor = "yellow"; } var s=document.createElement("button"); s.addEventListener("click", yellowbod, false); s.appendChild(document.createTextNode("TEST")); document.body.appendChild(s);
Edit: Here's a page to test some of the possible script-src directives against bookmarklets and userscripts:
HTTPS:
https://jeffersonscher.com/res/csp-tester.php
HTTP:
http://jeffersonscher.com/res/csp-tester.php
The text was updated successfully, but these errors were encountered: