I am trying to create a web extension that allows a Desmos calculator to be used as a popup in an extension. I have it working, but I have to use the "unsafe_eval" in the "content_security_policy" part of the manifest, which I know is a big security risk. Is there any way to get it working without the "unsafe_eval"?
Code:
manifest.json
{ "manifest_version": 2, "name": "Desmos Extension", "version": "1.0", "description": "Desmos scientific calculator which can be brought up as an extension popup.", "content_security_policy": "script-src 'self' 'unsafe-eval' https://www.desmos.com/api/v1.5/calculator.js; object-src 'self'", "browser_action": { "default_popup": "popup.html", "default_title": "Desmos" } } popup.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Calculator</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="calculator"></div> <script src="https://www.desmos.com/api/v1.5/calculator.js?apiKey=dcb31709b452b1cf9dc26972add0fda6"></script> <script src="calc.js"></script> </body> </html> calc.js
const elt = document.getElementById('calculator'); const calculator = Desmos.ScientificCalculator(elt); 
没有评论:
发表评论