我需要在使用Backbone.js编写的Chrome打包应用中创建RSA签名。但是当我使用时 jsrsasign我明白了:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an
allowed source of script in the following Content Security Policy directive:
"default-src 'self' chrome-extension-resource:". Note that 'script-src' was
not explicitly set, so 'default-src' is used as a fallback.
我尝试设置content_security_policy,但它不适用于打包的应用。那么如何解决这个问题?
导致问题的代码是:
var sig = new KJUR.crypto.Signature({"alg": "SHA1withRSA", "prov": "cryptojs/jsrsa"});
lib正在调用eval:
this.md = eval(KJUR.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[alg]).create();
答案 0 :(得分:1)
乍一看,您似乎可以使用以下方法在库中修补该行:
this.md = CryptoJS.algo[alg.toUpperCase()].create();