Vulnerability allowing Chrome extensions to execute external code without permissions

A method has been published that allows any Chrome extension to execute external JavaScript code without being granted additional permissions (without unsafe-eval and unsafe-inline in manifest.json). The permission model implies that, without unsafe-eval, an extension can execute only code included in its local distribution, but the proposed method makes it possible to bypass this restriction and execute any JavaScript loaded from an external site in the context of the extension.

Google has currently closed public access to the issue report, but sample code exploiting the problem has been preserved in the archive. The method resembles a technique for bypassing the script-src 'self' restriction in CSP and comes down to substituting a script tag via document.createElement('script') and inserting external content into it using the fetch function, after which the code is executed in the context of the extension itself.
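A static review heuristic for the pattern described above, as an added example that is not part of the original article or the withheld report: it flags extension source that creates a script element, fetches from something other than a packaged resource, and writes text into an element. The function name, the regexes and both sample snippets are constructed for illustration, and treating chrome.runtime.getURL as the marker of a packaged file is an assumption.

```javascript
// Added example: a static review heuristic, not code from the report.
// It flags extension source that shows all three steps the article names.
const CHECKS = {
  // document.createElement('script')
  createsScript: /createElement\(\s*['"`]script['"`]\s*\)/i,
  // fetch(...) whose target is not plainly a packaged resource
  // (assumption: packaged files are loaded via chrome.runtime.getURL)
  nonPackagedFetch: /\bfetch\(\s*(?!chrome\.runtime\.getURL\()/,
  // text written into an element
  writesText: /\.(?:textContent|text|innerText|innerHTML)\s*=(?!=)|createTextNode\(/,
};

// Returns 1-based line numbers per check, plus a verdict that is true
// only when every check matched somewhere in the file.
function auditSource(name, source) {
  const hits = Object.fromEntries(Object.keys(CHECKS).map((k) => [k, []]));
  source.split(/\r?\n/).forEach((line, i) => {
    for (const [key, re] of Object.entries(CHECKS)) {
      if (re.test(line)) hits[key].push(i + 1);
    }
  });
  const suspicious = Object.values(hits).every((l) => l.length > 0);
  return { name, suspicious, hits };
}

// Constructed sample inputs (not taken from any real extension).
const SAMPLE_FLAGGED = [
  "const res = await fetch(CONFIG_URL);",
  "const el = document.createElement('script');",
  "el.textContent = await res.text();",
].join("\n");

const SAMPLE_PACKAGED_ONLY = [
  "const el = document.createElement('script');",
  "el.src = chrome.runtime.getURL('vendor/lib.js');",
  "const cfg = await fetch(chrome.runtime.getURL('config.json'));",
].join("\n");

for (const [name, src] of [
  ["flagged.js", SAMPLE_FLAGGED],
  ["packaged.js", SAMPLE_PACKAGED_ONLY],
]) {
  const r = auditSource(name, src);
  console.log(r.name, r.suspicious ? "REVIEW" : "ok", JSON.stringify(r.hits));
}
```

A match is a prompt for manual review rather than a verdict; line-based regexes will miss minified or obfuscated code.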

Source: opennet.ru
