anton.mo anton.mo - 1 month ago 13
Javascript Question

JSON schema validation in chrome packaged app

I am tring to use AJV JSON schema validator in my chrome app.
But I am getting the error


EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:".


It happens during execution of

var validate = ajv.compile(schema);


As I understand AJV uses dynamic code generation and eval() to validate JSON
which is forbidden by CSP.

Is there a way to use AJV in chrome apps?

Or is there some other JSON schema validator which could be used in chrome apps?

Xan Xan
Answer

If some library that you want to use is incompatible with Chrome CSP, then you can use it inside a sandbox.

This is well documented, and has a concrete example and a whole dedicated article "Using eval in Chrome Extensions. Safely."

The downside is that you can't write code that uses both Chrome API and the library. You need to separate this and communicate between two scripts.

Comments