
How to avoid a CSP error when evaluating JavaScript via Splash?


I am scraping data from "https://www.welcometothejungle.com/en"

    function main(splash, args)
      assert(splash:go(args.url))
      assert(splash:wait(0.5))
      assert(splash:runjs('document.querySelector("#sticky-menu a[data-testid=menu-jobs]").click()'))
      splash:set_viewport_full()
      return {
        html = splash:html(),
        png = splash:png(),
        har = splash:har(),
      }
    end

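I get this error: JS error: 'EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline' cdn.welcometothejungle.co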

    {
      "error": 400,
      "type": "ScriptError",
      "description": "Error happened while executing Lua script",
      "info": {
        "source": "[string \"function main(splash,args)\r...\"]",
        "line_number": 4,
        "error": "JS error: 'EvalError: Refused to evaluate a string as JavaScript because \\'unsafe-eval\\' is not an allowed source of script in the following Content Security Policy directive: \"script-src \\'unsafe-inline\\' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com optimize.google.com app.getbeamer.com realtime.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io\".\\n'",
        "type": "LUA_ERROR",
        "message": "Lua error: [string \"function main(splash,args)\r...\"]:4: JS error: 'EvalError: Refused to evaluate a string as JavaScript because \\'unsafe-eval\\' is not an allowed source of script in the following Content Security Policy directive: \"script-src \\'unsafe-inline\\' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com optimize.google.com app.getbeamer.com realtime.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io\".\\n'"
      }
    }

Solution

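Error: JS error: 'EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'unsafe-inline' cdn.welcometothejungle.co ...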

This error is caused by:

    assert(splash:runjs('document.querySelector("#sticky-menu a[data-testid=menu-jobs]").click()'))

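splash:runjs('string') internally calls evaljs('string'), which calls native JavaScript's eval() function to convert the string into JS code.

Content Security Policy forbids using JavaScript's eval expressions without the 'unsafe-eval' token in the script-src directive.

You have to add the 'unsafe-eval' token to script-src: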

    "script-src 'unsafe-inline' 'unsafe-eval' cdn.welcometothejungle.co platform.linkedin.com
    www.linkedin.com www.googletagmanager.com tagmanager.google.com
    www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com
    *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com
    optimize.google.com app.getbeamer.com realtime.getbeamer.com player.vimeo.com
    speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com
    static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io"
