Unsafe-eval error in package?


#1

I’m using math.js in my package, math.js uses the Function constructor to compile mathematical expressions into executable JavaScript code.

I’ve seen in two other topics about the same issue that I could use the loophole package. I’ve tried a lot with the package, but I keep having the same error.

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Here’s my current code:

CalculatorView = require './calculator-view'
{allowUnsafeEval, allowUnsafeNewFunction} = require 'loophole'
mathjs = require 'mathjs'
math = mathjs()

module.exports =
  activate: ->
    atom.workspaceView.command 'calculator:expression', => @expression()

  expression: ->
    # This assumes the active pane item is an editor
    meval = allowUnsafeEval -> allowUnsafeNewFunction -> math.eval;
    editor = atom.workspace.activePaneItem
    text = editor.getSelectedText()
    if text
      console.log meval(text)

#2

Looks like a duplicate of this topic …


#3

I’ve looked at that topic, but as I said, I’m still getting the error after using loophole.


#4

@Azeirah @leedohm

I get the same error from importing lesshat.less.

The exception:

JavaScript evaluation error: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'". from `(function(){var a,b,c,d,e,f,g;a="[all, 0.2s, ease-in-out]".split(","),c=["background-size","border-","box-shadow","column","transform"],d=c.length,e=a,f=!1,b=a.length;for(var h=0;h<d;h++)for(var i=0;i<b;i++){g=new RegExp(c[h],"g");try{"".trim(),f=!0}catch(j){f=!1}a[i]=f?a[i].trim():a[i],g.test(a[i])&&(e[i]=a[i].replace(g,"-webkit-"+c[h]))}return e.join(", ").replace("[","").replace("]","");}())`

  at new Parser (/Applications/Atom.app/Contents/Resources/app/node_modules/less-cache/node_modules/less/lib/less/parser.js:333:27)
    at LessCache.module.exports.LessCache.parseLess (/Applications/Atom.app/Contents/Resources/app/node_modules/less-cache/lib/less-cache.js:244:16)
    at LessCache.module.exports.LessCache.cssForFile (/Applications/Atom.app/Contents/Resources/app/node_modules/less-cache/lib/less-cache.js:275:20)
    at LessCompileCache.module.exports.LessCompileCache.cssForFile (/Applications/Atom.app/Contents/Resources/app/src/less-compile-cache.js:40:25)
    at ThemeManager.module.exports.ThemeManager.loadLessStylesheet (/Applications/Atom.app/Contents/Resources/app/src/theme-manager.js:363:33)
    at ThemeManager.module.exports.ThemeManager.loadStylesheet (/Applications/Atom.app/Contents/Resources/app/src/theme-manager.js:341:21)
    at /Applications/Atom.app/Contents/Resources/app/src/package.js:428:45
    at Array.map (native)
    at Package.module.exports.Package.loadStylesheets (/Applications/Atom.app/Contents/Resources/app/src/package.js:427:59)
    at /Applications/Atom.app/Contents/Resources/app/src/package.js:187:19

Lesshat defines all sorts of functions like so:

.background-image(...){
      @backgroundSVG: ~`(function(){function K(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",c,d,e,f,g,h,i,j,k=0,l=0,m="",...

Edited: wrong stacktrace