自定义模板政策
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
政策的实现是在网页上进行的。当某个容器在网页上运行时,系统会向跟踪代码管理器的自定义模板定义应用政策,以控制某些特性和功能的使用方式。政策是通过 gtag('policy', ...) API 实现的。
gtag('policy', ...) API 需要使用 dataLayer 和 gtag() 的定义。因此,请确保先在代码中定义 dataLayer 和 gtag(),然后在脚本中调用 gtag('policy', ...):
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
使用网页上的 gtag('policy', ...) API 为自定义模板权限设置政策:
gtag('policy', <permissionId>, <function>)
<permissionId> 参数可以是任何一种受支持的权限类型,例如 inject_script。每当容器希望检查是否允许该权限,系统就会调用该政策。
gtag('policy', 'inject_script', function(containerId, permissionId, data) {
// Specific inject_script check goes here.
});
指定为 'all' 时,会响应所有的政策检查。
gtag('policy', 'all', function(containerId, permissionId, data) {
// System-wide check goes here.
});
第三个参数 (<function>) 是一个函数,它会使用如下签名实现所示的政策:
function(containerId, permissionId, data) {...}
containerId 是跟踪代码管理器容器 ID,例如 'GTM-1234'。permissionId 字符串用于指定要检查的政策的类型。data 对象包含了所示权限类型的所有相关信息,例如 'send_pixel' 权限的 'url'。
政策函数在返回 false 或抛出异常时会拒绝权限请求。启用预览模式后,系统会在调试窗格的错误部分中显示任何 string 或 Error 类型的异常。如果注册了多个政策检查,系统会调用每个检查,而每个检查均可拒绝政策请求。
以下示例创建了一个检查 'inject_script' 权限的政策:
gtag('policy', 'inject_script', function(containerId, permissionId, data) {
// reference the url of the script to be injected
let url = data.url || '';
// if the url of the injected script exactly matches, allow it.
// otherwise throw an error
if (url === 'https://scripts.example.com/analytics.js') {
return true;
} else {
throw 'Only permitted to inject https://scripts.example.com/analytics.js';
}
});
以下示例使用 'all' 关键字检查多个政策场景:
gtag('policy', 'all', function(containerId, permissionId, data) {
// Only set policy for 1 specific container.
// This enables other containers loaded on the page to
// operate without restrictions on permissions.
if (container != 'GTM-4321') return true;
// Since the policy is 'all', adjust permissions conditionally.
switch (permissionId) {
case 'send_pixel':
return true;
case 'write_globals':
return data.key && data.key == '_gaq';
case 'inject_script':
let url = data.url || '';
if (url.indexOf('https://example.com') != 0)
throw 'Only example.com scripts are permitted';
default:
// IT staff decides that all unknown permissions
// are rejected.
return false;
}
});
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-07-25。
[null,null,["最后更新时间 (UTC):2025-07-25。"],[[["\u003cp\u003eUse the \u003ccode\u003egtag('policy', ...)\u003c/code\u003e API to control how Tag Manager's custom templates use features like injecting scripts or sending pixels within your web page.\u003c/p\u003e\n"],["\u003cp\u003ePolicies are applied by defining functions that evaluate permission requests for specific Tag Manager containers and functionalities, allowing or rejecting them based on your defined criteria.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003egtag('policy', ...)\u003c/code\u003e API accepts a permission ID like \u003ccode\u003einject_script\u003c/code\u003e or \u003ccode\u003esend_pixel\u003c/code\u003e to define rules for that specific action, or \u003ccode\u003eall\u003c/code\u003e to handle various permissions within a single function.\u003c/p\u003e\n"],["\u003cp\u003ePolicy functions determine whether to allow or reject a permission request by returning \u003ccode\u003etrue\u003c/code\u003e for allowance, \u003ccode\u003efalse\u003c/code\u003e for rejection, or throwing an exception to provide a descriptive error in the debug console.\u003c/p\u003e\n"],["\u003cp\u003eYou can implement policies to manage permissions on a granular level, allowing specific scripts to be injected, pixels to be sent to certain URLs, or controlling access to global variables, ensuring enhanced security and control over your website's behavior.\u003c/p\u003e\n"]]],["Policies on a webpage control Tag Manager's custom template definitions using the `gtag('policy', ...)` API. This API requires `dataLayer` and `gtag()` to be defined beforehand. Policies are set using `gtag('policy', \u003cpermissionId\u003e, \u003cfunction\u003e)`, where `\u003cpermissionId\u003e` specifies the permission type, such as `'inject_script'`. The `\u003cfunction\u003e` argument checks permissions, returning `false` or throwing an exception to reject them. Using `'all'` as `\u003cpermissionId\u003e` allows interaction with all policy checks. The policy function uses parameters `containerId`, `permissionId`, and `data` to evaluate requests.\n"],null,["# Custom template policies\n\nPolicies are implemented on a web page. When a container runs on the page, policies are applied to Tag Manager's custom template definitions to control how certain features and functionality can be used. Policies are implemented with the `gtag('policy', ...)` API.\n\nThe `gtag('policy', ...)` API requires definitions for dataLayer and `gtag()`. Ensure that `dataLayer` and `gtag()` are defined in your code before `gtag('policy', ...)` is called later in the script: \n\n window.dataLayer = window.dataLayer || [];\n function gtag(){dataLayer.push(arguments);}\n\nUse the `gtag('policy', ...)` API on a web page to set policies for [custom template permissions](/tag-platform/tag-manager/templates/permissions): \n\n gtag('policy', \u003cpermissionId\u003e, \u003cfunction\u003e)\n\nThe `\u003cpermissionId\u003e` argument is any one of the supported permissions types, e.g. [`inject_script`](/tag-platform/tag-manager/templates/permissions#inject_script). The policy will be called whenever a container wants to check if that permission is allowed. \n\n gtag('policy', 'inject_script', function(containerId, permissionId, data) {\n // Specific inject_script check goes here.\n });\n\nSpecify `'all'` to interact with all policy checks. \n\n gtag('policy', 'all', function(containerId, permissionId, data) {\n // System-wide check goes here.\n });\n\nThe third argument---`\u003cfunction\u003e`---is a function that implements the indicated policy with this signature: \n\n function(containerId, permissionId, data) {...}\n\n- **`containerId`** is the Tag Manager container ID, e.g. `'GTM-1234'`.\n- **`permissionId`** is a string that specifies the type of policy to be checked.\n- **`data`** is an object that contains any relevant information for the indicated permission type, e.g. `'url'` for a `'send_pixel'` permission.\n\nA policy function rejects a permission request when it returns `false` or throws an exception. Any exceptions with a type of `string` or `Error` will appear in the **Errors** section of the debug pane when [preview mode](https://support.google.com/tagmanager/answer/6107056) is enabled. When multiple policy checks are registered, each check is called, and each check has the ability to reject a policy request.\n\nThis example creates a policy that checks the `'inject_script'` permission: \n\n gtag('policy', 'inject_script', function(containerId, permissionId, data) {\n\n // reference the url of the script to be injected\n let url = data.url || '';\n\n // if the url of the injected script exactly matches, allow it.\n // otherwise throw an error\n if (url === 'https://scripts.example.com/analytics.js') {\n return true;\n } else {\n throw 'Only permitted to inject https://scripts.example.com/analytics.js';\n }\n });\n\nThis example uses the `'all'` keyword to check multiple policy scenarios: \n\n gtag('policy', 'all', function(containerId, permissionId, data) {\n\n // Only set policy for 1 specific container.\n // This enables other containers loaded on the page to\n // operate without restrictions on permissions.\n if (container != 'GTM-4321') return true;\n\n // Since the policy is 'all', adjust permissions conditionally.\n switch (permissionId) {\n\n case 'send_pixel':\n return true;\n\n case 'write_globals':\n return data.key && data.key == '_gaq';\n\n case 'inject_script':\n let url = data.url || '';\n if (url.indexOf('https://example.com') != 0)\n throw 'Only example.com scripts are permitted';\n\n default:\n // IT staff decides that all unknown permissions\n // are rejected.\n return false;\n }\n });"]]
