我正在嘗試使用Ext JS 5.1.0開發Google Chrome擴展程序。Extjs,Chrome擴展和內容安全策略
當我試圖將ext-all.js添加到default_popup html中時,我發現Google chrome擴展不能再使用eval()或new Function()等動態腳本評估技術,或將JS代碼串傳遞給函數這會導致使用eval(),比如setTimeout()。
所以設置谷歌瀏覽器的調試器中返回以下錯誤:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:".
ext-all-debug.js:8742 Ext.ClassManager.Ext.apply.getInstantiator
這是有故障的一段代碼
getInstantiator: function(length) {
var instantiators = this.instantiators,
instantiator, i, args;
instantiator = instantiators[length];
if (!instantiator) {
i = length;
args = [];
for (i = 0; i < length; i++) {
args.push('a[' + i + ']');
}
// The problem is here
instantiator = instantiators[length] = new Function('c','a','return new c(' + args.join(',') + ')');
instantiator.name = "Ext.create" + length;
}
return instantiator;
},
我已經找到了解決改變content_security_policy
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
將此行添加到manifest.json
pe rmits動態腳本評估技術(但這是危險的)。
所以,我想保留標準的谷歌瀏覽器安全權限。 有沒有辦法解決這個問題?