Skip to content

Tag: settimeout

Why I see unsafe-eval alert when using setTimeout with strings?

Here is the example how it appear in Chrome dev tools: String Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source ofscript in the following Content Security Policy directive: “script-src’self’ ‘unsafe-inline’ https:”. What does this alert means and what is the security concern of using setTimeout with strings? Answer You’re using setTimeout wrong. When you

setTimeout with ajax

function ajax1(a, b, c){ c = new XMLHttpRequest;‘GET’, a); c.onload = b; c.send() } function handleData1(uu){ console.log(10) } for (var i=0;i<5;i++){ setTimeout(ajax1("…