AngularJS在Chrome扩展中使用eval [英] AngularJS uses eval in chrome extension
问题描述
eval
。这在chrome extionsion中是禁止的。 如何解决问题 错误消息: 拒绝将字符串评估为JavaScript,因为'unsafe-eval'是 堆栈跟踪: 更新:请参阅 OUTDATED:看起来AngularJS无法检测到Chrome扩展中的CSP。使用明确的 引用 Dmitry链接的文档: Angular会尝试自动检测CSP是否激活并自动打开 拒绝将字符串评估为JavaScript因为'unsafe-eval'是 这个错误是无害的,但令人讨厌。为防止错误显示 The lates AngularJS (1.3 beta 19) uses How to fix the issue without allowing evals? Error message: Refused to evaluate a string as JavaScript because 'unsafe-eval' is
not an allowed source of script in the following Content Security
Policy directive: "script-src 'self' chrome-extension-resource:". Stack trace: UPDATE: See documentation of OUTDATED: It looks like AngularJS fails to detect CSP in chrome extension. Use explicit To quote documentation that Dmitry linked: Angular tries to autodetect if CSP is active and automatically turn on
the CSP-safe mode. This autodetection however triggers a CSP error to
be logged in the console: Refused to evaluate a string as JavaScript because 'unsafe-eval' is
not an allowed source of script in the following Content Security
Policy directive: "default-src 'self'". Note that 'script-src' was not
explicitly set, so 'default-src' is used as a fallback. This error is harmless but annoying. To prevent the error from showing
up, put the
这篇关于AngularJS在Chrome扩展中使用eval的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
,而不是下面内容安全中允许的脚本源
Policy指令:script- src'self'chrome-extension-resource:。
($匿名函数)angular.js:23556
ng-csp
https://docs.angularjs.org/api/ng/directive/ngCsp
ng-csp
。链接到AngularJS问题: https://github.com/angular/angular.js/issues / 8777
CSP安全模式。然而,这个自动检测触发了一个CSP错误,以便在控制台中记录
:
$ b
而不是下面的Content Security
Policy指令允许的脚本源:default-src'self'。请注意,'script-src'不是
明确设置的,所以'default-src'被用作后备。
,请将 ngCsp应用程序
的根元素或 angular.js
脚本标记中的任何一个, html
文档。
eval
. This is prohibited in chrome extionsion.
angular.js:1011
csp angular.js:1011
(anonymous function) angular.js:23556
ng-csp
https://docs.angularjs.org/api/ng/directive/ngCspng-csp
. Link to the AngularJS issue: https://github.com/angular/angular.js/issues/8777
ngCsp
directive on the root element of the application
or on the angular.js
script tag, whichever appears first in the html
document.