From 09979c63835500a2f7a99ca3bb5153e861cd6ea2 Mon Sep 17 00:00:00 2001 From: fendly2 Date: Tue, 30 Jun 2026 23:42:15 +0800 Subject: [PATCH] fix: resolve CSP violations by removing inline styles and allowing data images --- manifest.json | 2 +- popup.html | 12 ++++++------ style.css | 26 ++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/manifest.json b/manifest.json index 0847546..a525d07 100644 --- a/manifest.json +++ b/manifest.json @@ -17,7 +17,7 @@ "http://127.0.0.1/*" ], "content_security_policy": { - "extension_pages": "default-src 'self'; connect-src https://integrate.api.nvidia.com https: http://localhost:* http://127.0.0.1:*; object-src 'none'" + "extension_pages": "default-src 'self'; connect-src https://integrate.api.nvidia.com https: http://localhost:* http://127.0.0.1:*; img-src 'self' data:; object-src 'none'" }, "action": { "default_popup": "popup.html", diff --git a/popup.html b/popup.html index 84737a3..d96e54e 100644 --- a/popup.html +++ b/popup.html @@ -32,11 +32,11 @@

AI 翻译助手

-
+
- -
-
@@ -105,8 +105,8 @@

模型设置

最近 10 条记录

- -
diff --git a/style.css b/style.css index 9408850..cd85f06 100644 --- a/style.css +++ b/style.css @@ -649,4 +649,30 @@ body { text-align: center; font-size: 11px; color: var(--text-secondary-color); +} + +/* CSP compliance styles replacing previous inline styles */ +.loading-indicator { + display: none; /* hidden by default, shown via JS */ +} + +.control-row.output-actions { + margin-top: 6px; + width: 100%; +} + +.settings-save-container { + margin-top: 20px; +} + +#saveApiKeyBtn { + padding: 12px; +} + +#historyList { + margin-top: 16px; +} + +#clearHistoryBtn { + margin-top: 14px; } \ No newline at end of file