Skip to content
This repository has been archived by the owner on Dec 20, 2022. It is now read-only.

Angular error when eval - within chrome extension. #13

Closed
JohnRSim opened this issue Dec 25, 2013 · 5 comments
Closed

Angular error when eval - within chrome extension. #13

JohnRSim opened this issue Dec 25, 2013 · 5 comments

Comments

@JohnRSim
Copy link

I thought it would be interesting to see how this would run within Chrome extension it almost works apart from issue with a partial not rendering correctly -

Running in Chrome / firefox works fine but in an extension

I get this error -

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
angular.js:10236
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:".

This is an example of the generated output you can see the partial is being written every time I click back to it.

<body>
  <ul class="menu">
    <li><a href="#/view1">view1</a></li>
    <li><a href="#/view2">view2</a></li>
  </ul>

  <!-- ngView:  --><div data-ng-view="" class="ng-scope"><p class="ng-scope">This is the partial for view 1.</p>
</div><div data-ng-view="" class="ng-scope"><p>This is the partial for view 2.</p>
<p>
  Showing of 'interpolate' filter:
  {{ 'Current version is v%VERSION%.' | interpolate }}
</p>
</div><div data-ng-view="" class="ng-scope"><p>This is the partial for view 2.</p>
<p>
  Showing of 'interpolate' filter:
  {{ 'Current version is v%VERSION%.' | interpolate }}
</p>
</div>

  <script src="lib/requirejs/require.js" data-main="js/main.js"></script>


</body>

Not sure if this is an issue with angular but thought it was worth posting here :)

Thanks for the great blog post of using requirejs with angular.
@Maqsim
Copy link
Member

Maqsim commented Dec 26, 2013

Hi @JohnRSim. Thanks for report. To allow unsafe-eval, include "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'" into manifest.json. But I'm not recomending to do this, cuz it might be dangerous (XSS attacks)

@JohnRSim
Copy link
Author

Thanks Maqsim; I tried setting the content_security_policy but I get this message -
There were warnings when trying to install this extension:
'content_security_policy' is only allowed for extensions and legacy packaged apps, but this is a packaged app.

I'm going to take a look at sandboxing - http://developer.chrome.com/apps/sandboxingEval.html
see if this works.

@dmitryevseev
Copy link
Member

Hi @JohnRSim . Here is a bug report on Chromium stating that unsafe-eval errors are handled wrong. There are also other discussions about running into this error when building browser extensions. Also this SO that you've probably seen already suggests other solution. Unfortunately I can't provide anymore help so far, have not met it yet.

@pratiklodha95
Copy link

did u find any solution ?

@dmitryevseev
Copy link
Member

@pratiklodha95 I had no issues running the up-to-date version of ngSeed inside chrome extension. Through you need to extract script from index.html to the file, and don't forget to enable Content Security Policy mode for angular: http://stackoverflow.com/questions/11336969/using-angularjs-in-a-google-chrome-extension

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@JohnRSim @dmitryevseev @Maqsim @pratiklodha95