我在Google扩展中使用处理JS。常规的网页可以工作,但是当我尝试扩展时,如下所示:
window.localStorage is not available in packaged apps. Use chrome.storage.local instead. extensions::platformApp:17
processing.js:718 Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the follow
我试图将sql.js(基于JS的SQLite )集成到我的铬应用程序中,但在启动应用程序时,控制台显示了以下错误:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'sc
我在一个网页上添加了以下内容: <script type="text/javascript">
window.addEventListener("load", function () {
window.location = "https://localhost:5002";
});
</script> 当我运行应用程序时,我得到以下错误: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an a
在我的应用程序中使用lodash和fabric js,但两者都不符合内容安全策略(CSP)。
将错误显示为:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' ".
有没有办法让CSP兼容的房源和面料js两者兼备?
vendor-suffix.js:1 [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-abcdefg' localhost:4200 0.0.0.0:4200".
我安装了ember-cli-cont
Selendroid无法在WebView中单击UI元素,但能够识别web元素。
下面是堆栈跟踪。请帮帮忙。
org.openqa.selenium.WebDriverException: CATCH_ALL:
java.lang.NumberFormatException: Invalid int: "{"message":"Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the fol
我正在将我的chrome扩展升级到manifest版本3,但是我的扩展在其内容脚本中使用了eval。在版本3中,我得到以下错误 Error in event handler: EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'". 我能够
我正在开发一个使用PDFJS的chrome扩展,但是PDFJS的最新版本有一些javascript,它以字符串的形式返回JS。
Function("return this")()
在铬扩展中是不允许的。所以给出了跟随错误
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: &
我正在尝试创建一个带有AngularJS 1.5依赖项的chrome插件。在这一点上,我得到了这个错误。
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:
我使用APIDoc来生成NodeJS应用程序的API文档。我在为生成的index.html页面服务时遇到了问题:Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'". 如何解决这个错误?
我已经尝试过关闭安全性,并在这个h
我正在尝试在Chrome打包应用程序中使用MathJax。它根本没有加载,因此出现了以下错误:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:".
我怎么才能让它
启用AdBlock时,我得到以下错误:
AddThis:Uncaught Error: Must pass a string which will eval to a globally accessible object where callbacks will be stored
MathJax:Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following C
我正在实现标题content-security-policy并清理(大量的)代码。
我在javascript方面的主要症结是jQuery-1.11.3违反了eval策略:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'
除了不
在编译Webpack后重新加载我的Chrome扩展时,我得到了这个错误:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".
如果我尝试使用拉斐尔在default_popup页面中为我的Chrome扩展绘制一个路径:
r.path("M0,0L10,10");
我得到以下错误:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chro
我正在使用CefSharp进行网页的屏幕外渲染,我想在拍摄渲染页面的屏幕截图之前执行一个JavaScript代码。
不幸的是,在某些网页(例如)上使用browser.EvaluateScriptAsync("document.body.scrollHeight")会导致以下错误:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Conten
我将我的ember-cli应用程序升级到了0.0.47,现在在我的浏览器控制台上收到了一堆与内容安全策略相关的错误。如何解决此问题?
Refused to load the script 'http://use.typekit.net/abcdef.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' localhost:35729".
login:1
Refused to
我需要在我用Backbone.js编写的Chrome打包应用程序中创建RSA签名。但是当我使用时,我得到:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an
allowed source of script in the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:". Note that 'scri
我的应用程序使用了Express、cors和头盔。Vue3仅在客户端使用,库文件是自托管在公用文件夹中的。我只是做了
<script type="module" src="/public/lib/vue.esm-browser.js"></script>
若要向客户端添加模块,请执行以下操作。问题是,当我使用它时,它总是给我一个Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allo
我对CSP的理解还是个新手,也许我只是在这里没有用正确的方式去做一些事情。 我为所有不同的策略类型和script-src 'self' <urls> unsafe-inline添加了白名单 然而,我收到了几份关于Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source的报告 这些都在我的供应商js文件中,它是我们所有供应商的一个精简和模糊的集合。通过与Webpack和拉威尔混合的npm build完成。 当如此多的供应商脚本似乎
在上层环境中抛出一个错误:
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:
我不能在本地重新创建这个程序,所以我试图在本质上允许所有的脚本源等等,并且只阻止那些被认为是“不安全的”。
我在<meta>文件中尝试了很多index.html标记,但是到目前为止,我尝试的每一件事都阻止了我需要的其他
在我的应用程序中,通过API调用获取的blob传递给一个自定义npm包,该包将在屏幕上显示blob (这是一个图像)。在当地,它能工作!只是不在开发服务器上。
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https
我正试图在我的Chrome插件中加载一个wasm模块。Chrome抱怨由emscripten生成的wasm模块中有以下功能。它运行在以下js上
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem:
我有一个用TypeScript和React+JSX编写的Chrome扩展。我在我的扩展的Chrome扩展选项卡中看到以下错误: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
Context
_generate
所以,我正在构建一个简单的视频编辑器。我正在使用Fabric.js <script src="/js/fabric.js"></script>来操作正在进行编辑的画布。
我已经省略了它的序列化和解析器模型,但它仍然使用eval来处理抛出错误的东西:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Se
我正在用摩卡、柴伊和西农测试我的铬延伸。当我试图从方法中存根一个对象时,我得到:
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource:".
at cr
我正在开发一个使用Vue 3和Node/Express的web应用程序。在为构建的前端代码提供服务时,我得到以下错误:
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed
source of script in the following Content Security Policy directive: "script-src 'self'".
at new Function (<anony
错误:
Uncaught Template render error: (result.html)
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src *".
nginx配置:
[..]
more_set_headers "Content-Secur
我有以下js文件本地;
<script type="text/javascript" src="js/jquery-1.11.1.min.js"></script>
在Ripple中运行我的Cordova Phonegap应用程序会抛出以下错误;
jquery.mobile-1.4.5.min.js:3 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==' because it v
我们的应用程序正在更新,以符合新的CSP (内容安全策略)规则。
例如,内联事件处理程序被addEventListener()替换,内联样式被CSS替换。
但是,在某些情况下,文档位置被设置为javascript表达式,如下所示.
document.location = 'javascript:someFunction()';
...which导致以下错误..。
"Refused to run the JavaScript URL because it violates the following Content Security Policy directive: &
当我在我的ember-cli项目中上传liquid-fire时,我得到了一个白屏,这是我得到的错误,我正在运行ember版本1.13.1,node.12.2,npm 2.12.1,liquid-fire 0.20.4,第二次我卸载liquid-fire它开始工作得很好,你有什么想法吗?
about:1 [Report Only] Refused to load the script'http://maps.googleapis.com/maps/api/js?v=3' because it violates the following Content Security Poli
Chrome给了我以下错误:
Refused to load the script 'http://domain.com/myexternalscript.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'"
目前,在我的清单中,我的内容安全策略如下:
"content_security_policy": "script-src 'self&
我尝试了一系列安全策略来连接我们的api,但总是被拒绝。
Refused to connect to 'https://myapi...' because it violates the following Content Security Policy directive: "connect-src 'self' https://myapi.../* 'unsafe-inline' 'unsafe-eval'".
我使用的是电容器-社区/电子的默认代码,我所做的只是尝试了一大堆不同的Content-Securit