Refused to evaluate a string as Javascript in chrome extension, in pdfjs

Question

I am working on a chrome extension which uses PDFJS, but PDFJS latest release have some javascript which is returning JS as string

Function("return this")()

which is not allowed in chrome extension. so it giving following error

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'

So, how can i bundle pdfjs files in chrome extension to get rid of this issue?

You'll have to modify the default CSP, I guess. See [this answer](https://stackoverflow.com/a/25721457). — wOxxOm, Jan 29 '19 at 14:39

score 0 · Answer 1 · answered Mar 06 '20 at 09:02

0

Actually, the issue is within a lib used by PDFJS. Using the version 2.1.266 should fix the problem.

Here is a more detailed thread about the issue and other workarounds: https://github.com/mozilla/pdf.js/issues/11036

answered Mar 06 '20 at 09:02

Sergiu

1,216
1
15
31

score -1 · Accepted Answer · answered Jan 30 '19 at 07:26

-1

Resolved the issue by adding 'unsafe-eval' option to content_security_policy in manifest.json.

answered Jan 30 '19 at 07:26

Haris Jamil

105
1
8

2

This is not really correct. This is a pretty dangerous permission to add and will make approval from google take a lot longer without addressing the root problem. Pinning the PDFjs version is a better answer IMO – rma May 07 '20 at 05:09

Refused to evaluate a string as Javascript in chrome extension, in pdfjs

2 Answers2