我需要在用Backbone.js编写的Chrome打包应用程序中创建RSA签名jsrssign我得到:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an
allowed source of script in the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:". Note that 'script-src' was
not explicitly set, so 'default-src' is used as a fallback.
我尝试设置content_security_policy,但它不适用于打包的应用程序。那么如何解决这个问题呢?
导致问题的代码是:
var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA", "prov": "cryptojs/jsrsa"});
lib正在调用eval:
this.md = eval(KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[alg]).create();
乍一看,您似乎可以使用在库中修补该行
this.md = CryptoJS.algo[alg.toUpperCase()].create();