diff options
| author | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:40:17 -0500 |
|---|---|---|
| committer | Peter Bengtsson <mail@peterbe.com> | 2020-12-08 14:40:17 -0500 |
| commit | 33058f2b292b3a581333bdfb21b8f671898c5060 (patch) | |
| tree | 51c3e392513ec574331b2d3f85c394445ea803c6 /files/zh-cn/web/http/headers/content-security-policy/script-src-elem | |
| parent | 8b66d724f7caf0157093fb09cfec8fbd0c6ad50a (diff) | |
| download | translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.tar.gz translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.tar.bz2 translated-content-33058f2b292b3a581333bdfb21b8f671898c5060.zip | |
initial commit
Diffstat (limited to 'files/zh-cn/web/http/headers/content-security-policy/script-src-elem')
| -rw-r--r-- | files/zh-cn/web/http/headers/content-security-policy/script-src-elem/index.html | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/files/zh-cn/web/http/headers/content-security-policy/script-src-elem/index.html b/files/zh-cn/web/http/headers/content-security-policy/script-src-elem/index.html new file mode 100644 index 0000000000..674e7bd9b0 --- /dev/null +++ b/files/zh-cn/web/http/headers/content-security-policy/script-src-elem/index.html @@ -0,0 +1,87 @@ +--- +title: 'CSP: script-src-elem' +slug: Web/HTTP/Headers/Content-Security-Policy/script-src-elem +translation_of: Web/HTTP/Headers/Content-Security-Policy/script-src-elem +--- +<div>{{HTTPSidebar}}</div> + +<p>HTTP协议中 {{HTTPHeader("Content-Security-Policy")}} (CSP) <code><strong>script-src-elem</strong></code> 指示符明指定了合法的js要素来源 {{HTMLElement("script")}} ,但是不包括类似onclick这样的事件处理器中包含的内联脚本。</p> + +<table class="properties"> + <tbody> + <tr> + <th scope="row">CSP 版本</th> + <td>3</td> + </tr> + <tr> + <th scope="row">Directive type</th> + <td>{{Glossary("Fetch directive")}}</td> + </tr> + <tr> + <th scope="row">{{CSP("default-src")}} fallback</th> + <td>Yes. If this directive is absent, the user agent will look for the {{CSP("script-src")}} directive, and if both of them are absent, fallback to <code>default-src</code> directive.</td> + </tr> + </tbody> +</table> + +<h2 id="语法">语法</h2> + +<p> <code>script-src-elem</code> 可以允许多个来源:</p> + +<pre class="syntaxbox notranslate">Content-Security-Policy: script-src-elem <source>; +Content-Security-Policy: script-src-elem <source> <source>; +</pre> + +<p><code>script-src-elem</code> 可以跟 {{CSP("script-src")}}一起用:</p> + +<pre class="syntaxbox notranslate">Content-Security-Policy: script-src <source>; +Content-Security-Policy: script-src-elem <source>; +</pre> + +<h3 id="Sources">Sources</h3> + +<p>{{page("Web/HTTP/Headers/Content-Security-Policy/default-src", "Sources")}}</p> + +<h2 id="范例">范例</h2> + +<h3 id="回退到_script-src">回退到 script-src</h3> + +<p>如果没有 <code>script-src-elem</code> 存在, 客户端会回退到 {{CSP("script-src")}} 指示符, 如果那个也还是没有那就回退到 {{CSP("default-src")}}。</p> + +<div class="hidden"> +<p>TODO: Add comprehensive examples.</p> +</div> + +<h2 id="细则">细则</h2> + +<table class="standard-table"> + <thead> + <tr> + <th scope="col">Specification</th> + <th scope="col">Status</th> + <th scope="col">Comment</th> + </tr> + </thead> + <tbody> + <tr> + <td>{{specName("CSP 3.0", "#directive-script-src-elem", "script-src-elem")}}</td> + <td>{{Spec2("CSP 3.0")}}</td> + <td>Initial definition.</td> + </tr> + </tbody> +</table> + +<h2 id="浏览器兼容问题">浏览器兼容问题</h2> + +<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> + +<p>{{Compat("http.headers.csp.Content-Security-Policy.script-src-elem")}}</p> + +<h2 id="其他的链接">其他的链接</h2> + +<ul> + <li>{{HTTPHeader("Content-Security-Policy")}}</li> + <li>{{HTMLElement("script")}}</li> + <li>{{CSP("script-src")}}</li> + <li>{{CSP("script-src-attr")}}</li> +</ul> |