AngularJS在Chrome扩展中使用eval [英] AngularJS uses eval in chrome extension

问题描述

AngularJS（1.3 beta 19）使用 eval 。这在chrome extionsion中是禁止的。

如何解决问题

错误消息：

拒绝将字符串评估为JavaScript，因为'unsafe-eval'是
，而不是下面内容安全中允许的脚本源
Policy指令：script- src'self'chrome-extension-resource：。

堆栈跟踪：

（$匿名函数）angular.js：23556

更新：请参阅 ng-csp https://docs.angularjs.org/api/ng/directive/ngCsp

OUTDATED：看起来AngularJS无法检测到Chrome扩展中的CSP。使用明确的 ng-csp 。链接到AngularJS问题： https://github.com/angular/angular.js/issues / 8777

解决方案

引用 Dmitry链接的文档：

Angular会尝试自动检测CSP是否激活并自动打开
CSP安全模式。然而，这个自动检测触发了一个CSP错误，以便在控制台中记录
：
$ b

拒绝将字符串评估为JavaScript因为'unsafe-eval'是
而不是下面的Content Security
Policy指令允许的脚本源：default-src'self'。请注意，'script-src'不是
明确设置的，所以'default-src'被用作后备。

这个错误是无害的，但令人讨厌。为防止错误显示
，请将 ngCsp应用程序
的根元素或 angular.js 脚本标记中的任何一个， html
文档。





The lates AngularJS (1.3 beta 19) uses eval. This is prohibited in chrome extionsion.

How to fix the issue without allowing evals?

Error message:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".

Stack trace:

angular.js:1011
csp angular.js:1011
(anonymous function) angular.js:23556

UPDATE: See documentation of ng-csp https://docs.angularjs.org/api/ng/directive/ngCsp

OUTDATED: It looks like AngularJS fails to detect CSP in chrome extension. Use explicit ng-csp. Link to the AngularJS issue: https://github.com/angular/angular.js/issues/8777

解决方案

To quote documentation that Dmitry linked:

Angular tries to autodetect if CSP is active and automatically turn on the CSP-safe mode. This autodetection however triggers a CSP error to be logged in the console:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

This error is harmless but annoying. To prevent the error from showing up, put the ngCsp directive on the root element of the application or on the angular.js script tag, whichever appears first in the html document.

这篇关于AngularJS在Chrome扩展中使用eval的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！