#15950 closed defect (fixed)
Chrome extensions manifest_version 2 problem (csp)
Reported by: | viroroi | Owned by: | dylan |
---|---|---|---|
Priority: | undecided | Milestone: | 1.11 |
Component: | Core | Version: | 1.8.0 |
Keywords: | Cc: | ||
Blocked By: | Blocking: |
Description
Hi,
I was developing a chrome extension without problems with dojox mobile, building a single dojo.js file.
But now in chrome extension manifest_version 2 there has a new Content Security Policy (CSP) for genereting the extension. So, there are some instruccions not valid (new Function and Eval) in dojo.js built.
I have tried to create a sandbox in chrome extension manifest, but the same error.
Line 18: var A=new Function("return eval(arguments[0]);");
"Uncaught Error: Code generation from strings disallowed for this context"
I can not create chrome extensions from now. How can I solve it?
Thanks
Change History (8)
comment:1 Changed 8 years ago by
comment:2 Changed 8 years ago by
Seems to me there are basically 2 primary problems blocking this from working.
The first is http://bugs.dojotoolkit.org/browser/dojo/tags/release-1.8.3/dojo/dojo.js#L313
The second is http://bugs.dojotoolkit.org/browser/dojo/tags/release-1.8.3/dojo/_base/kernel.js#L110
If I comment these out, I'm able to get a very basic chrome extension w/ manifest v2 to run. However, I expect your mileage may vary; in particular, the second line of code pointed out above is responsible for defining dojo.eval
, so if you rely on any code that in turn relies on that, you may be out of luck.
Monteslu and I are wondering if it'd be feasible to has-bracket these lines of code so that one can build an eval-less version of Dojo. Maybe call it has("evil")
? ;)
comment:3 Changed 8 years ago by
I made the changes for a custom build of monteslu and my game engine. I called the has tests has("csp-restrictions").
It seems that declare has an offending line also: http://bugs.dojotoolkit.org/browser/dojo/tags/release-1.8.3/dojo/_base/declare.js#L6
comment:4 Changed 8 years ago by
Made some sample commits to a fork on my github. https://github.com/phated/dojo/commits/csp
comment:5 Changed 5 years ago by
Component: | General → Core |
---|---|
Milestone: | tbd → 1.11 |
Owner: | set to dylan |
Status: | new → assigned |
Summary: | Chrome extensions manifest_version 2 problem → Chrome extensions manifest_version 2 problem (csp) |
comment:6 Changed 5 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Verified this is a problem.
it's currently blocking me from adding some games to the chrome web store.
Any way to coerce the loader into not using evals?