我正在尝试使用Ext JS 5.1.0开发Google Chrome扩展程序。Extjs,Chrome扩展和内容安全策略
当我试图将ext-all.js添加到default_popup html中时,我发现Google chrome扩展不能再使用eval()或new Function()等动态脚本评估技术,或将JS代码串传递给函数这会导致使用eval(),比如setTimeout()。
所以设置谷歌浏览器的调试器中返回以下错误:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
ext-all-debug.js:8742 Ext.ClassManager.Ext.apply.getInstantiator
这是有故障的一段代码
getInstantiator: function(length) {
var instantiators = this.instantiators,
instantiator, i, args;
instantiator = instantiators[length];
if (!instantiator) {
i = length;
args = [];
for (i = 0; i < length; i++) {
args.push('a[' + i + ']');
}
// The problem is here
instantiator = instantiators[length] = new Function('c','a','return new c(' + args.join(',') + ')');
instantiator.name = "Ext.create" + length;
}
return instantiator;
},
我已经找到了解决改变content_security_policy
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
将此行添加到manifest.json
pe rmits动态脚本评估技术(但这是危险的)。
所以,我想保留标准的谷歌浏览器安全权限。 有没有办法解决这个问题?