StarterSquad / ngseed


Angular error when eval - within chrome extension. #13

Closed JohnRSim closed 10 years ago

JohnRSim commented 10 years ago

I thought it would be interesting to see how this would run within a Chrome extension. It almost works, apart from an issue with a partial not rendering correctly.

Running in Chrome / Firefox works fine, but in an extension I get this error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. angular.js:10236 EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' chrome-extension-resource:".

This is an example of the generated output; you can see the partial is being written every time I click back to it.

<body>
  <ul class="menu">
    <li><a href="#/view1">view1</a></li>
    <li><a href="#/view2">view2</a></li>
  </ul>

  <!-- ngView:  --><div data-ng-view="" class="ng-scope"><p class="ng-scope">This is the partial for view 1.</p>
</div><div data-ng-view="" class="ng-scope"><p>This is the partial for view 2.</p>
<p>
  Showing of 'interpolate' filter:
  {{ 'Current version is v%VERSION%.' | interpolate }}
</p>
</div><div data-ng-view="" class="ng-scope"><p>This is the partial for view 2.</p>
<p>
  Showing of 'interpolate' filter:
  {{ 'Current version is v%VERSION%.' | interpolate }}
</p>
</div>

  <script src="lib/requirejs/require.js" data-main="js/main.js"></script>

</body>

Not sure if this is an issue with Angular, but thought it was worth posting here :)

Thanks for the great blog post on using RequireJS with Angular.

Maqsim commented 10 years ago

Hi @JohnRSim. Thanks for the report. To allow unsafe-eval, include "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'" in manifest.json. But I'm not recommending to do this, cuz it might be dangerous (XSS attacks).

JohnRSim commented 10 years ago

Thanks Maqsim; I tried setting the content_security_policy but I get this message: There were warnings when trying to install this extension: 'content_security_policy' is only allowed for extensions and legacy packaged apps, but this is a packaged app.

I'm going to take a look at sandboxing (http://developer.chrome.com/apps/sandboxingEval.html) to see if this works.

dmitryevseev commented 10 years ago

Hi @JohnRSim. Here is a bug report on Chromium stating that unsafe-eval errors are handled wrong. There are also other discussions about running into this error when building browser extensions. Also, this SO that you've probably seen already suggests another solution. Unfortunately I can't provide any more help so far, I have not met it yet.

pratiklodha95 commented 9 years ago

Did you find any solution?

dmitryevseev commented 9 years ago

@pratiklodha95 I had no issues running the up-to-date version of ngSeed inside a Chrome extension. Though you need to extract the script from index.html into a file, and don't forget to enable Content Security Policy mode for Angular: http://stackoverflow.com/questions/11336969/using-angularjs-in-a-google-chrome-extension
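
The fallback rule in the error message above (no `script-src`, so `default-src` decides) and the risk of the suggested `'unsafe-eval'` override can be checked mechanically. The following is an added example, not part of the thread or of ngSeed; the function names are hypothetical, and it assumes the string form of `content_security_policy` quoted in the thread.

```javascript
// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by the browser: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// eval()/new Function() are governed by script-src; when it is absent the
// browser falls back to default-src, as the Chrome error message notes.
function evalVerdict(policy) {
  const directives = parseCsp(policy);
  const governing = directives.has('script-src') ? 'script-src'
    : directives.has('default-src') ? 'default-src' : null;
  if (governing === null) return { governing, evalAllowed: true };
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  return { governing, evalAllowed: sources.includes("'unsafe-eval'") };
}

// Review a parsed manifest.json object and report eval-related findings.
function auditManifest(manifest) {
  const policy = manifest.content_security_policy;
  if (typeof policy !== 'string') return { declared: false, findings: [] };
  const { governing, evalAllowed } = evalVerdict(policy);
  const findings = [];
  if (evalAllowed && governing === null) {
    findings.push('no script-src or default-src: eval is unrestricted');
  } else if (evalAllowed) {
    findings.push(`${governing} allows 'unsafe-eval'`);
  }
  return { declared: true, findings };
}

// The two policies quoted in the thread.
const packagedAppDefault = "default-src 'self' chrome-extension-resource:";
const suggestedOverride = "script-src 'self' 'unsafe-eval'; object-src 'self'";

console.log(evalVerdict(packagedAppDefault));
console.log(evalVerdict(suggestedOverride));
console.log(auditManifest({ content_security_policy: suggestedOverride }));
```

A manifest that produces no findings here still blocks eval, so Angular then needs its Content Security Policy mode, as the last comment says.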