0

I'm developing a Chrome App with Google Blockly. In order to run JavaScript code dynamically I want to use eval() function.

Chrome app relaxing the default policy using manifest

I tried the above link. I used this manifest as suggested by chrome docs.

manifest.json

{
  "manifest_version": 2,
  "name": "Blockly",
  "version": "1.0.0",
  "icons": {
    "128": "icon_128.png"
  },
  "permissions": [],
  "app": {
    "background": {
      "scripts": ["background.js"]
    }
  },
  "minimum_chrome_version": "46",
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
}

inject.js

window.addEventListener("load", function() {
 document.getElementById("myBtn").addEventListener("click", function() {
  let code = 'initiate();';
  try {
    eval(code);
   } catch (e) {
     console.log(e); 
  }
 });
});

I am still getting this error :

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: 'wasm-eval'".

at HTMLButtonElement. (inject.js:40)

Community
  • 1
  • 1
Hisan Ibrahim
  • 1
  • 4
  • Does this answer your question? [Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed](https://stackoverflow.com/questions/48047150/refused-to-evaluate-a-string-as-javascript-because-unsafe-eval-is-not-an-allow) – Akash Shrivastava Feb 19 '20 at 11:48
  • Also [onClick within Chrome Extension not working](//stackoverflow.com/a/25721457) – wOxxOm Feb 19 '20 at 11:49
  • This one answered my question [content-security-policy-in-chrome-app](https://stackoverflow.com/questions/21130400/content-security-policy-in-chrome-app) – Hisan Ibrahim Feb 20 '20 at 06:11

1 Answers1

0

I found answer

Content Security Policy in Chrome App

Chrome extensions will let you relax the default Content Security Policy; Chrome Apps won’t.

Hisan Ibrahim
  • 1
  • 4