自訂範本政策
透過集合功能整理內容
你可以依據偏好儲存及分類內容。
需要在網頁上執行政策。容器在網頁上執行時,系統會將政策套用至代碼管理工具的自訂範本定義,藉此控管特定功能的使用方式。政策是透過 gtag('policy', ...) API 實作。
gtag('policy', ...) API 需要 dataLayer 和 gtag() 的定義。確認已在程式碼中定義 dataLayer 和 gtag(),之後再透過指令碼呼叫 gtag('policy', ...):
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
在網頁使用 gtag('policy', ...) API 設定自訂範本權限的政策:
gtag('policy', <permissionId>, <function>)
<permissionId> 引數是任何支援的權限類型之一,例如inject_script。每當容器想檢查是否獲得該權限時,系統就會呼叫這項政策。
gtag('policy', 'inject_script', function(containerId, permissionId, data) {
// Specific inject_script check goes here.
});
指定 'all' 即可與所有政策檢查互動。
gtag('policy', 'all', function(containerId, permissionId, data) {
// System-wide check goes here.
});
第三個引數 (<function>) 會使用這個簽章實作指定政策:
function(containerId, permissionId, data) {...}
containerId 是代碼管理工具容器 ID (例如'GTM-1234'。permissionId 是字串,用來指定要檢查的政策類型。data 是包含指定權限類型任何相關資訊的物件,例如擁有 'send_pixel' 權限的 'url'。
當政策函式傳回 false 或擲回例外狀況時,政策函式會拒絕權限要求。啟用預覽模式後,任何類型為 string 或 Error 的例外狀況都會顯示在偵錯窗格的「Errors」部分。如果有多項政策檢查登錄,每項檢查都會呼叫,每項檢查都能拒絕政策要求。
本範例建立的政策會檢查 'inject_script' 權限:
gtag('policy', 'inject_script', function(containerId, permissionId, data) {
// reference the url of the script to be injected
let url = data.url || '';
// if the url of the injected script exactly matches, allow it.
// otherwise throw an error
if (url === 'https://scripts.example.com/analytics.js') {
return true;
} else {
throw 'Only permitted to inject https://scripts.example.com/analytics.js';
}
});
本範例使用 'all' 關鍵字,檢查多項政策情境:
gtag('policy', 'all', function(containerId, permissionId, data) {
// Only set policy for 1 specific container.
// This enables other containers loaded on the page to
// operate without restrictions on permissions.
if (container != 'GTM-4321') return true;
// Since the policy is 'all', adjust permissions conditionally.
switch (permissionId) {
case 'send_pixel':
return true;
case 'write_globals':
return data.key && data.key == '_gaq';
case 'inject_script':
let url = data.url || '';
if (url.indexOf('https://example.com') != 0)
throw 'Only example.com scripts are permitted';
default:
// IT staff decides that all unknown permissions
// are rejected.
return false;
}
});
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-07-25 (世界標準時間)。
[null,null,["上次更新時間:2025-07-25 (世界標準時間)。"],[[["\u003cp\u003eUse the \u003ccode\u003egtag('policy', ...)\u003c/code\u003e API to control how Tag Manager's custom templates use features like injecting scripts or sending pixels within your web page.\u003c/p\u003e\n"],["\u003cp\u003ePolicies are applied by defining functions that evaluate permission requests for specific Tag Manager containers and functionalities, allowing or rejecting them based on your defined criteria.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003egtag('policy', ...)\u003c/code\u003e API accepts a permission ID like \u003ccode\u003einject_script\u003c/code\u003e or \u003ccode\u003esend_pixel\u003c/code\u003e to define rules for that specific action, or \u003ccode\u003eall\u003c/code\u003e to handle various permissions within a single function.\u003c/p\u003e\n"],["\u003cp\u003ePolicy functions determine whether to allow or reject a permission request by returning \u003ccode\u003etrue\u003c/code\u003e for allowance, \u003ccode\u003efalse\u003c/code\u003e for rejection, or throwing an exception to provide a descriptive error in the debug console.\u003c/p\u003e\n"],["\u003cp\u003eYou can implement policies to manage permissions on a granular level, allowing specific scripts to be injected, pixels to be sent to certain URLs, or controlling access to global variables, ensuring enhanced security and control over your website's behavior.\u003c/p\u003e\n"]]],["Policies on a webpage control Tag Manager's custom template definitions using the `gtag('policy', ...)` API. This API requires `dataLayer` and `gtag()` to be defined beforehand. Policies are set using `gtag('policy', \u003cpermissionId\u003e, \u003cfunction\u003e)`, where `\u003cpermissionId\u003e` specifies the permission type, such as `'inject_script'`. The `\u003cfunction\u003e` argument checks permissions, returning `false` or throwing an exception to reject them. Using `'all'` as `\u003cpermissionId\u003e` allows interaction with all policy checks. The policy function uses parameters `containerId`, `permissionId`, and `data` to evaluate requests.\n"],null,["# Custom template policies\n\nPolicies are implemented on a web page. When a container runs on the page, policies are applied to Tag Manager's custom template definitions to control how certain features and functionality can be used. Policies are implemented with the `gtag('policy', ...)` API.\n\nThe `gtag('policy', ...)` API requires definitions for dataLayer and `gtag()`. Ensure that `dataLayer` and `gtag()` are defined in your code before `gtag('policy', ...)` is called later in the script: \n\n window.dataLayer = window.dataLayer || [];\n function gtag(){dataLayer.push(arguments);}\n\nUse the `gtag('policy', ...)` API on a web page to set policies for [custom template permissions](/tag-platform/tag-manager/templates/permissions): \n\n gtag('policy', \u003cpermissionId\u003e, \u003cfunction\u003e)\n\nThe `\u003cpermissionId\u003e` argument is any one of the supported permissions types, e.g. [`inject_script`](/tag-platform/tag-manager/templates/permissions#inject_script). The policy will be called whenever a container wants to check if that permission is allowed. \n\n gtag('policy', 'inject_script', function(containerId, permissionId, data) {\n // Specific inject_script check goes here.\n });\n\nSpecify `'all'` to interact with all policy checks. \n\n gtag('policy', 'all', function(containerId, permissionId, data) {\n // System-wide check goes here.\n });\n\nThe third argument---`\u003cfunction\u003e`---is a function that implements the indicated policy with this signature: \n\n function(containerId, permissionId, data) {...}\n\n- **`containerId`** is the Tag Manager container ID, e.g. `'GTM-1234'`.\n- **`permissionId`** is a string that specifies the type of policy to be checked.\n- **`data`** is an object that contains any relevant information for the indicated permission type, e.g. `'url'` for a `'send_pixel'` permission.\n\nA policy function rejects a permission request when it returns `false` or throws an exception. Any exceptions with a type of `string` or `Error` will appear in the **Errors** section of the debug pane when [preview mode](https://support.google.com/tagmanager/answer/6107056) is enabled. When multiple policy checks are registered, each check is called, and each check has the ability to reject a policy request.\n\nThis example creates a policy that checks the `'inject_script'` permission: \n\n gtag('policy', 'inject_script', function(containerId, permissionId, data) {\n\n // reference the url of the script to be injected\n let url = data.url || '';\n\n // if the url of the injected script exactly matches, allow it.\n // otherwise throw an error\n if (url === 'https://scripts.example.com/analytics.js') {\n return true;\n } else {\n throw 'Only permitted to inject https://scripts.example.com/analytics.js';\n }\n });\n\nThis example uses the `'all'` keyword to check multiple policy scenarios: \n\n gtag('policy', 'all', function(containerId, permissionId, data) {\n\n // Only set policy for 1 specific container.\n // This enables other containers loaded on the page to\n // operate without restrictions on permissions.\n if (container != 'GTM-4321') return true;\n\n // Since the policy is 'all', adjust permissions conditionally.\n switch (permissionId) {\n\n case 'send_pixel':\n return true;\n\n case 'write_globals':\n return data.key && data.key == '_gaq';\n\n case 'inject_script':\n let url = data.url || '';\n if (url.indexOf('https://example.com') != 0)\n throw 'Only example.com scripts are permitted';\n\n default:\n // IT staff decides that all unknown permissions\n // are rejected.\n return false;\n }\n });"]]
