开发工具里会有这么一段提示。
The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.
To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.
If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.
⚠️ Allowing string evaluation comes at the risk of inline script injection
其中:
If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.
请问这句话是什么意思,按这句话的意思看,好像又是有方法可以启用eval?
基于安全考虑,不支持动态执行JS脚本,看下wx.createWorker是否满足?
这些都不支持。
不支持。就别用了。