Automator 运行 JavaScript 与 Safari 的安全策略错误
Security Policy errors with Automator running JavaScript with Safari
我正在使用以下 Automator 脚本:
on run {input, parameters}
set updateCount to 0
read (item 1 of input)
set ps to paragraphs of the result
set tot to count ps
set TLFile to (("Users:Admin:Desktop:") as text) & "titleList.txt"
set TLLines to paragraphs of (read file TLFile as «class utf8»)
set descFile to (("Users:Admin:Desktop:") as text) & "descList.txt"
set DescLines to paragraphs of (read file descFile as «class utf8»)
tell application "Safari"
reopen
activate
end tell
repeat with i from 1 to tot
set p to item i of ps
if p is not "" then
try
tell application "Safari"
tell front window
set r to make new tab with properties {URL:p}
set current tab to r
set titleVal to item i of TLLines
set descVal to item i of DescLines
set updateCount to updateCount + 1
do shell script "echo The value: " & updateCount
delay 12
do JavaScript "document.getElementsByName('title')[0].value = '" & titleVal & "'; document.getElementsByName('description')[1].value = '" & descVal & "';
document.getElementsByClassName('save-changes-button')[0].removeAttribute('disabled');
document.getElementsByClassName('save-changes-button')[0].click();" in current tab
delay 4
close current tab
if updateCount is equal to 10 then
say "hi"
set updateCount to 0
delay 90
end if
if i = tot then exit repeat
repeat
delay 4
get URL of r
end repeat
end tell
end tell
end try
end if
end repeat
end run
几个月前,我已经能够在 Safari 上使用 YouTube 运行 此脚本,没有任何问题。现在它不执行 JavaScript 操作。 Safari 检查器中出现错误:
- “内容安全策略指令 'script-src' 的源列表包含无效源:“'strict-dynamic'”。它将被忽略。
postmessageRelay:0"
- "Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy."
如何绕过这些错误,使我的脚本可以 运行?
如问题中的错误 #2 所示,目前使该策略在 Safari 中起作用的修复方法是更改它以指定相关脚本的哈希值或随机数——或者添加 'unsafe-inline'
。
在支持 'strict-dynamic'
的浏览器中,'unsafe-inline'
部分将被忽略。
这两个错误的原因是 Safari 尚不支持 'strict-dynamic'
。请参阅以下内容:
综上所述,从问题中的当前信息来看,实际指定有效的 CSP 政策的位置尚不清楚。因此,除非您已经知道它在哪里,否则我想第一步是确定指定策略的位置,然后在那里进行更改。
我正在使用以下 Automator 脚本:
on run {input, parameters}
set updateCount to 0
read (item 1 of input)
set ps to paragraphs of the result
set tot to count ps
set TLFile to (("Users:Admin:Desktop:") as text) & "titleList.txt"
set TLLines to paragraphs of (read file TLFile as «class utf8»)
set descFile to (("Users:Admin:Desktop:") as text) & "descList.txt"
set DescLines to paragraphs of (read file descFile as «class utf8»)
tell application "Safari"
reopen
activate
end tell
repeat with i from 1 to tot
set p to item i of ps
if p is not "" then
try
tell application "Safari"
tell front window
set r to make new tab with properties {URL:p}
set current tab to r
set titleVal to item i of TLLines
set descVal to item i of DescLines
set updateCount to updateCount + 1
do shell script "echo The value: " & updateCount
delay 12
do JavaScript "document.getElementsByName('title')[0].value = '" & titleVal & "'; document.getElementsByName('description')[1].value = '" & descVal & "';
document.getElementsByClassName('save-changes-button')[0].removeAttribute('disabled');
document.getElementsByClassName('save-changes-button')[0].click();" in current tab
delay 4
close current tab
if updateCount is equal to 10 then
say "hi"
set updateCount to 0
delay 90
end if
if i = tot then exit repeat
repeat
delay 4
get URL of r
end repeat
end tell
end tell
end try
end if
end repeat
end run
几个月前,我已经能够在 Safari 上使用 YouTube 运行 此脚本,没有任何问题。现在它不执行 JavaScript 操作。 Safari 检查器中出现错误:
- “内容安全策略指令 'script-src' 的源列表包含无效源:“'strict-dynamic'”。它将被忽略。 postmessageRelay:0"
- "Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy."
如何绕过这些错误,使我的脚本可以 运行?
如问题中的错误 #2 所示,目前使该策略在 Safari 中起作用的修复方法是更改它以指定相关脚本的哈希值或随机数——或者添加 'unsafe-inline'
。
在支持 'strict-dynamic'
的浏览器中,'unsafe-inline'
部分将被忽略。
这两个错误的原因是 Safari 尚不支持 'strict-dynamic'
。请参阅以下内容:
综上所述,从问题中的当前信息来看,实际指定有效的 CSP 政策的位置尚不清楚。因此,除非您已经知道它在哪里,否则我想第一步是确定指定策略的位置,然后在那里进行更改。