admin管理员组

文章数量:1390604

I am new to Content Security policy. I recently enabled it in my webapp: I have a JSP where I have multiple buttons each with a different action and I was handling different button actions with onClick event of JS but CSP does not allow using inline JS like this.

Here are the buttons I have:

<button type="submit"     
onclick="form.action='${pageContext.request.contextPath}/product/edit'"    
class="sbmt_bt"><fmt:message key="save" /></button>

<button type="submit"    
onclick="form.action='${pageContext.request.contextPath}/product/delete';   
return confirm('${deleteAlert}')" class="sbmt_bt"><fmt:message key="delete"    
/></button>

<button type="submit"  
onclick="form.action='${pageContext.request.contextPath}/product/add'"   
class="sbmt_bt"><fmt:message key="add" /></button>

What would be a CSP pliant alternative for this?

I am new to Content Security policy. I recently enabled it in my webapp: I have a JSP where I have multiple buttons each with a different action and I was handling different button actions with onClick event of JS but CSP does not allow using inline JS like this.

Here are the buttons I have:

<button type="submit"     
onclick="form.action='${pageContext.request.contextPath}/product/edit'"    
class="sbmt_bt"><fmt:message key="save" /></button>

<button type="submit"    
onclick="form.action='${pageContext.request.contextPath}/product/delete';   
return confirm('${deleteAlert}')" class="sbmt_bt"><fmt:message key="delete"    
/></button>

<button type="submit"  
onclick="form.action='${pageContext.request.contextPath}/product/add'"   
class="sbmt_bt"><fmt:message key="add" /></button>

What would be a CSP pliant alternative for this?

  • javascript
  • html
  • content-security-policy
Share Improve this question edited Dec 9, 2015 at 18:43 RealSkeptic 34.7k7 gold badges55 silver badges82 bronze badges asked Dec 9, 2015 at 18:40 user1892775user1892775 2,1318 gold badges39 silver badges61 bronze badges
Add a ment  | 

1 Answer 1

Reset to default 4

This should be a good starting point for you. As you can see in the example you will have to create a separate JavaScript file, put the code from your onclick-listeners there and reference the JavaScript file in your html file.

本文标签:

版权声明:本文标题:javascript - replace multiple inline button onclick event handlers with content security policy compliant code - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744724583a2621890.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。