Kumar Kumar - 9 months ago 34
Node.js Question

Content Security Policy (CSP) block eval method call

I am using

and in this a method call
that is blocked by
When i comment
code it's working fine.

Error: call to eval() blocked by CSP nicEdit.js:779:36

My CSP code

scriptSrc: ["'self'", "'unsafe-inline'"]

I am read also here https://developer.chrome.com/extensions/contentSecurityPolicy

Thanks in advance


If you really need to use nicEditor which contains eval (which is probably not a good idea in the first place), you can add the following directive: 'unsafe-eval'

I would really, really, recommend that you simply use a different editor which doesn't rely on eval though. It really is a security risk in most cases.

If you need an alternative, have a look at ProseMirror for example.