html 安全Meta

<meta 
  http-equiv="Content-Security-Policy" 
  content="script-src 'self' 'unsafe-eval' 'unsafe-inline' ; 
      object-src xxx.xxx.com ; 
      style-src 'unsafe-inline' xxx.xxx.com; 
      child-src https:"
/>


<script>
        if (top.location != self.location) {top.location=self.location;}
</script>