Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Content Security Policy: Uncaught EvalError
See original GitHub issueUncaught EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ blob: filesystem:”.
I’m using EJS to render templates in a Browser Extension and the use of new Function("return this;") is throwing a CSP error. I’m building from the npm package, but looked into the client side distribution and noticed the same eval occurs there as well. (https://github.com/mde/ejs/blob/v2.6.2/lib/ejs.js#L106)
Here’s an example of a fix that works in the browser extension context. I’d be happy to open a PR and validate the fix in the context if it’s an acceptable change.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:7
- Comments:9 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I’m still running into the same issue… Is there any update?
That won’t work in this case, because EJS works by transpiling the
.ejsfile into a JavaScript function at runtime.