Kumar Kumar - 4 months ago 17
Node.js Question

Content Security Policy (CSP) block eval method call

I am using nicEditor, and in it there is a method call to eval that is blocked by CSP. When I comment out the CSP code, it's working fine.

Error: call to eval() blocked by CSP nicEdit.js:779:36


My CSP code

scriptSrc: ["'self'", "'unsafe-inline'"]


I have also read this: https://developer.chrome.com/extensions/contentSecurityPolicy

Thanks in advance

Answer

If you really need to use nicEditor which contains eval (which is probably not a good idea in the first place), you can add the following directive: 'unsafe-eval'

I would really, really recommend that you simply use a different editor which doesn't rely on eval, though. It really is a security risk in most cases.

If you need an alternative, have a look at ProseMirror for example.
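
If 'unsafe-eval' has to stay for the editor, it can be limited to the page that loads it instead of the whole site. The sketch below is an added example, not code from the question or the answer; the /editor route and the names buildCsp and cspForPath are assumptions.

```javascript
// Added example: send 'unsafe-eval' only on the route that hosts the editor.
// Assumptions (not from the original post): the /editor path, buildCsp, cspForPath.

// Site-wide policy, taken from the question: eval() stays blocked.
const basePolicy = {
  scriptSrc: ["'self'", "'unsafe-inline'"],
};

// Paths that load nicEdit.js and therefore need eval() (assumed).
const EVAL_PATHS = ["/editor"];

// Turn { scriptSrc: [...] } into the header value "script-src ...".
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, values]) => {
      const kebab = name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
      return [kebab, ...values].join(" ");
    })
    .join("; ");
}

// Pick the policy for one request URL. The match is on whole path segments,
// so /editorial does not inherit the relaxed policy meant for /editor.
function cspForPath(url) {
  const path = url.split("?")[0];
  const needsEval = EVAL_PATHS.some(
    (p) => path === p || path.startsWith(p + "/")
  );
  if (!needsEval) return buildCsp(basePolicy);
  return buildCsp({
    ...basePolicy,
    scriptSrc: [...basePolicy.scriptSrc, "'unsafe-eval'"],
  });
}

// In a Node.js request handler this would be used as:
//   res.setHeader("Content-Security-Policy", cspForPath(req.url));
console.log("/        ->", cspForPath("/"));
console.log("/editor  ->", cspForPath("/editor"));
```

Every other page keeps the original policy, so an eval() call reached anywhere outside the editor route is still refused by the browser.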