Allowing eval in Electron?

Question

I would like to write a small Electron application using Two.js but I realized Electron doesn't like anyone to use eval.

If I do this in renderer.js:

let u = eval('1 + 1');

I get this issue:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Of course I enabled allowRunningInsecureContent: true in the webPreferences.

Is there any way of running packages that use eval in Electron?

I don't have a direct answer, but do they allow use of the `Function` constructor? Have you tried that instead? ...`let u = new Function('return 1 + 1')();` — , Oct 21 '20 at 20:11

Hans Koch · Accepted Answer · 2020-10-22T09:25:58.780

4

You can simply add this to the <head> of your loaded html

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">

The issue comes not from electron but I assume you're running the electron application via a local web server, in that case you also need to provide the right configuration for the CSP.

edited Oct 22 '20 at 09:25

answered Oct 21 '20 at 21:58

Hans Koch

4,283
22
33

Having same issue and specifying self won't work as I am importing a main.js script in index.html – Kelvin Omereshone Aug 17 '21 at 12:37

Allowing eval in Electron?

1 Answers1