Content-Security-Policy: default-src 'self' 'unsafe-inline'; ...

Without CSP, an open frame will execute all the JS inside the page.