Chrome 扩展拒绝将字符串评估为 JavaScript 因为 emscripten 生成的文件中的 'unsafe-eval'
Chrome extension refused to evaluate a string as JavaScript because 'unsafe-eval' in emscripten generated file
我正在尝试在我的 Chrome 插件中加载一个 wasm 模块。 Chrome 抱怨 emscripten 生成的 wasm 模块中的以下函数。它在以下 js
上跳闸
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem:".
function createNamedFunction(name, body) {
name = makeLegalFunctionName(name);
/*jshint evil:true*/
return new Function(
"body",
"return function " + name + "() {\n" +
" \"use strict\";" +
" return body.apply(this, arguments);\n" +
"};\n"
)(body);
}
我正在 background.html 文件中加载脚本,因此它可以作为一个模块运行。 .
<script type="module" src="../js/background.js"></script>
<script type="module" src="../js/AudioWorkletProcessor.js"></script>
<script type="module" src="../js/kernel.wasmmodule.js"></script>
人们如何在他们的插件中使用 Web Assembly 解决这个问题?
-s NO_DYNAMIC_EXECUTION=1 从生成的代码中删除 eval() 和 new Function()。
https://github.com/emscripten-core/emscripten/blob/master/src/settings.js#L1030
When set to 0, we do not emit eval() and new Function(), which disables some functionality
(causing runtime errors if attempted to be used), but allows the emitted code to be
acceptable in places that disallow dynamic code execution (chrome packaged app,
privileged firefox app, etc.). Pass this flag when developing an Emscripten application
that is targeting a privileged or a certified execution environment, see
Firefox Content Security Policy (CSP) webpage for details:
https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS/CSP
When this flag is set, the following features (linker flags) are unavailable:
--closure 1: When using closure compiler, eval() would be needed to locate the Module object.
-s RELOCATABLE=1: the function Runtime.loadDynamicLibrary would need to eval().
--bind: Embind would need to eval().
Additionally, the following Emscripten runtime functions are unavailable when
DYNAMIC_EXECUTION=0 is set, and an attempt to call them will throw an exception:
- emscripten_run_script(),
- emscripten_run_script_int(),
- emscripten_run_script_string(),
- dlopen(),
- the functions ccall() and cwrap() are still available, but they are restricted to only
being able to call functions that have been exported in the Module object in advance.
When set to -s DYNAMIC_EXECUTION=2 flag is set, attempts to call to eval() are demoted
to warnings instead of throwing an exception.
我正在尝试在我的 Chrome 插件中加载一个 wasm 模块。 Chrome 抱怨 emscripten 生成的 wasm 模块中的以下函数。它在以下 js
上跳闸Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem:".
function createNamedFunction(name, body) {
name = makeLegalFunctionName(name);
/*jshint evil:true*/
return new Function(
"body",
"return function " + name + "() {\n" +
" \"use strict\";" +
" return body.apply(this, arguments);\n" +
"};\n"
)(body);
}
我正在 background.html 文件中加载脚本,因此它可以作为一个模块运行。 .
<script type="module" src="../js/background.js"></script>
<script type="module" src="../js/AudioWorkletProcessor.js"></script>
<script type="module" src="../js/kernel.wasmmodule.js"></script>
人们如何在他们的插件中使用 Web Assembly 解决这个问题?
-s NO_DYNAMIC_EXECUTION=1 从生成的代码中删除 eval() 和 new Function()。
https://github.com/emscripten-core/emscripten/blob/master/src/settings.js#L1030
When set to 0, we do not emit eval() and new Function(), which disables some functionality (causing runtime errors if attempted to be used), but allows the emitted code to be acceptable in places that disallow dynamic code execution (chrome packaged app, privileged firefox app, etc.). Pass this flag when developing an Emscripten application that is targeting a privileged or a certified execution environment, see Firefox Content Security Policy (CSP) webpage for details: https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS/CSP When this flag is set, the following features (linker flags) are unavailable: --closure 1: When using closure compiler, eval() would be needed to locate the Module object. -s RELOCATABLE=1: the function Runtime.loadDynamicLibrary would need to eval(). --bind: Embind would need to eval(). Additionally, the following Emscripten runtime functions are unavailable when DYNAMIC_EXECUTION=0 is set, and an attempt to call them will throw an exception:
- emscripten_run_script(),
- emscripten_run_script_int(),
- emscripten_run_script_string(),
- dlopen(),
- the functions ccall() and cwrap() are still available, but they are restricted to only being able to call functions that have been exported in the Module object in advance.
When set to -s DYNAMIC_EXECUTION=2 flag is set, attempts to call to eval() are demoted to warnings instead of throwing an exception.