Skip to content
Advertisement

Tag: eval

Why I see unsafe-eval alert when using setTimeout with strings?

Here is the example how it appear in Chrome dev tools: String Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source ofscript in the following Content Security Policy directive: “script-src’self’ ‘unsafe-inline’ https:”. What does this alert means and what is the security concern of using setTimeout with strings? Answer You’re using setTimeout wrong. When you

javascript eval works one way but not the other, why?

I am trying to use eval function for dynamic assignment. I know it is bad practice and have modified the code to not use eval. Still though, I don’t understand why it worked one way but not the other. Here is what worked: What didn’t work: Can someone tell me what’s wrong with the second approach? Answer In the second

Advertisement