I have a web page that generates random quotes, and I have a button that when clicked should be redirected to the intent page of the Twitter website so that the viewer can send a tweet already pre-filled with the quote text.
Button Code:
<a class="btn btn-info btn-lg" href="#" data-size="large" id="tweet-button"><i class="fa fa-twitter"></i>Tweet the current quote!</a>
And jQuery, when a button is clicked, will change the "href" attribute of the button to add pre-filled text to the URL to display after that.
$("#tweet-button").click(function (){ $(this).attr("href", "https://twitter.com/intent/tweet?text=" + encodeURIComponent($("#quote").text()) );
});
When I click the button, I get this error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https://connect.facebook.net https://cm.g.doubleclick.net https://ssl.google-analytics.com https://graph.facebook.com https://twitter.com https://*.userzoom.com 'unsafe-eval' https://*.twimg.com https://api.twitter.com https://analytics.twitter.com 'nonce-6B1Ck//9/fE6OIatYBYe4A==' https://ton.twitter.com https://syndication.twitter.com https://www.google.com https://t.tellapart.com https://platform.twitter.com https://www.google- analytics.com 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-<sha256-hash'), or a nonce ('nonce-...') is required to enable inline execution
If I include static text in the URL instead of loading from $ ("# quote"). text () works correctly, but cannot understand why, I also have to get the CSP error either in the ways or not at all in both situations.
source share