收藏
回答

关于小程序不能使用eval()、new Function()?

开发工具里会有这么一段提示。

The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.

If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.

⚠️ Allowing string evaluation comes at the risk of inline script injection



其中:

If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.

请问这句话是什么意思,按这句话的意思看,好像又是有方法可以启用eval?

回答关注问题邀请回答
收藏

3 个回答

  • showms
    showms
    2023-12-19

    基于安全考虑,不支持动态执行JS脚本,看下wx.createWorker是否满足?

    2023-12-19
    有用
    回复
  • Jianbo
    Jianbo
    2023-12-18

    这些都不支持。

    2023-12-18
    有用
    回复
  • 跨商通
    跨商通
    2023-12-18

    不支持。就别用了。

    2023-12-18
    有用
    回复
登录 后发表内容