I would like to use the
Uncaught Error: Code generation from strings disallowed for this context
There were warnings when trying to install this extension:
'sandbox' is not allowed for specified package type (theme, app, etc.).
Since at least January 2013, Chrome now permits the
unsafe-eval Content Security Policy (CSP) directive, which allows
eval execution outside of a sandbox:
The policy against
eval()and its relatives like
new Function(String)can be relaxed by adding
'unsafe-eval'to your policy
Add an appropriate CSP to you extension manifest, like:
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
The bug you refer to is now marked
fixed, and has been included since Chrome 22.
Prior to the introduction of
'unsafe-eval', there was no way to have the CSP of a
manifest_version: 2 extension allow execution of arbitrary text as code. At the time, Google made it clear there was no way to remove this restriction (outside of sandboxing):
unsafe-inlinewill have no effect. This is intentional.
As mentioned above, this restriction can now be relaxed.