Getting unsafe-eval with loophole


#1
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

So I know this topic has been brought up before, but the workaround to include loophole doesn’t seem to be working.

{allowUnsafeEval} = require 'loophole'
appLib  = allowUnsafeEval -> require('app-lib');

appLib is just generic node package to make files and start a live-reload server.
Any reason for this, or have I done something wrong?


#2

I don’t know the details, but there’s also: allowUnsafeNewFunction. Recently when loading a third party lib it allowUnsafeEval didn’t work for me, but this did:

{allowUnsafeEval, allowUnsafeNewFunction} = require 'loophole'

allowUnsafeEval ->
  allowUnsafeNewFunction ->
    template = hamlc.compile(templateSource, escapeAttributes: false)

#3

Bringing this up again. Loophole does not seem to work properly with me.
When using it like:

allowUnsafeEval} = require 'loophole'
Mathjs = allowUnsafeEval -> require 'mathjs'

the outcome is Cannot find module 'loophole' error. When trying to install loophole with apm, the result is Request for package information failed: Not Found.
Is the package broken somehow? Is there any way I could manually include it in my project?


#4

Solved. The proper way to include it was:

{allowUnsafeEval, allowUnsafeNewFunction} = require 'loophole'
Mathjs = allowUnsafeNewFunction -> require 'mathjs'

The package has been installed via npm.