Uncaught EvalError
blocka opened this issue · 4 comments
I'm getting this error after trying the extension:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
Thanks for the feedback, I will try to fix this ASAP. Stay in touch.
Could you be so kind to answer those questions? They will help me to address the issue:
- Which version of Google Chrome are you using?
- Which version of Backbone Debugger are you using?
- Do you get this error just after restarting the app in debug mode?
- Do you get this error in ANY application on just in some?
- If it happens only in some, could you provide an example of such application?
- 29.0.1547.76
- 0.1.7
- Yes
- All
The error was actually occurring from hgimnogjllphhhkhlmebbmlgjoejdpjl (XPath Helper), but only manifested itself after restarting the app in debug mode.
When I removed that extension, it worked.
The fact that the error occurs from "XPATH Helper" changes everything: it adds an iframe pointing to an extension internal html page (bar.html).
Now, when the app is restarted in debug mode, to allow the debugging, scripts are injected into every frame page, even other extension iframes, but chrome extensions have a default security policy that disallows the eval of strings, which is used by the injected scripts.
So the scripts cannot be injected into bar.html and the error is shown. Please note, however, that the debugger continues to work because the injection process goes well in the other frames.
Anyway, this leads to the more general problem of pages with HTML5 Content Security Policy rules that disable evals. I've to think a way to replace them with something else.