I have researched this a bit and am familiar with the security reasoning, etc. But is has their been any method created for doing this yet? I have an anti-ad block script I would like to run and it’s suppose to be inserted prior to </body> and adding it to the theme yields nada. I assume the securit…

have you placed your js inside script tags in your < /body>?: <script type="text/javascript"> <<< JS >> </script>

Yes I have already put the script in on the Desktop version of </body>. <script type="text/javascript" charset="utf-8"> eval(function.... </script>

Hmm… well I see that a file WITH the script is being put in the footer via: <script src="[/theme-javascripts/854aca489ba48a598e9eefaa2e4e255ac2a445b7.js?__ws=mywebsite.com](https://mywebsite.com/theme-javascripts/854aca489ba48a598e9eefaa2e4e255ac2a445b7.js?__ws=mywebsite.com)"></script> Going to t…

Okay… so there is this exception/error in the JS console: Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: "script-src… So it there a way to make “eval” safe or authorize this…

[图片] Jim_Starkweather: Uncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: "script-src… You can whitelist evals in the content security policy site setting, see Mitigate XSS…

关闭 body 前添加 Javascript 的任何批准方法？

支持

pmusaraj (Penar Musaraj) 2020 年11 月 5 日 02:25 6

您可以在内容安全策略站点设置中允许 eval，请参阅使用内容安全策略减轻 XSS 攻击。

不过我们不推荐这样做，因为这会使您的网站面临安全漏洞。

1 个赞

话题		回复	浏览量
Need help with the content security policy Support	4	760	2020 年6 月 15 日
Add javascript to a theme component Development	4	1488	2020 年6 月 17 日
How to embed JavaScript script in front of ,</body> tag Development	8	699	2023 年10 月 17 日
BlockAdBlock inserted in the footer but not working Support	0	368	2021 年5 月 20 日
Javascript not working in customised areas Support	9	1121	2019 年5 月 15 日

关闭 body 前添加 Javascript 的任何批准方法？

相关话题