[
https://issues.apache.org/jira/browse/CB-9277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Morille Jerome updated CB-9277:
-------------------------------
Description:
With CCA 0.7.1 during processing NFC message with the plugins
{code}
<plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
{code}
the call of the plugin function (and when passing the nfc tags)
{code}
nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
{code}
the error is raised
{code}
Uncaught EvalError: Refused to evaluate a string as JavaScript because
'unsafe-eval' is not an allowed source of script in the following Content
Security Policy directive: "default-src file: data: chrome-extension:
https://ssl.gstatic.com";.
processMessage @ cordova.js:1070
processMessages @ cordova.js:1104
pollOnce @ cordova.js:973
pollOnceFromOnlineEvent
{code}
The problem is writing directly in the code source of the following file
n the file
https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js
line 1073 we have the eval that cause the bugs.. (like writted in the code)
{code}
function processMessage(message) {
var firstChar = message.charAt(0);
if (firstChar == 'J') {
// This is deprecated on the .java side. It doesn't work with CSP
enabled.
eval(message.slice(1));
} else if (firstChar == 'S' || firstChar == 'F') {
var success = firstChar == 'S';
var keepCallback = message.charAt(1) == '1';
var spaceIdx = message.indexOf(' ', 2);
var status = +message.slice(2, spaceIdx);
var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
var payloadMessage = message.slice(nextSpaceIdx + 1);
var payload = [];
buildPayload(payload, payloadMessage);
cordova.callbackFromNative(callbackId, success, status, payload,
keepCallback);
} else {
console.log("processMessage failed: invalid message: " +
JSON.stringify(message));
}
}
{code}
please correct this code
{code}
// This is deprecated on the .java side. It doesn't work with CSP enabled.
eval(message.slice(1));
{code}
https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584
was:
With CCA 0.7.1 during processing NFC message with the plugins
{code}
<plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
{code}
the call of the plugin function (and when passing the nfc tags)
{code}
nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
{code}
the error is raised
{code}
Uncaught EvalError: Refused to evaluate a string as JavaScript because
'unsafe-eval' is not an allowed source of script in the following Content
Security Policy directive: "default-src file: data: chrome-extension:
https://ssl.gstatic.com";.
processMessage @ cordova.js:1070
processMessages @ cordova.js:1104
pollOnce @ cordova.js:973
pollOnceFromOnlineEvent
{code}
The problem is writing directly in the code source of the following file
n the file
https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js
line 1073 we have the eval that cause the bugs.. (like writted in the code)
{code}
function processMessage(message) {
var firstChar = message.charAt(0);
if (firstChar == 'J') {
// This is deprecated on the .java side. It doesn't work with CSP
enabled.
eval(message.slice(1));
} else if (firstChar == 'S' || firstChar == 'F') {
var success = firstChar == 'S';
var keepCallback = message.charAt(1) == '1';
var spaceIdx = message.indexOf(' ', 2);
var status = +message.slice(2, spaceIdx);
var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
var payloadMessage = message.slice(nextSpaceIdx + 1);
var payload = [];
buildPayload(payload, payloadMessage);
cordova.callbackFromNative(callbackId, success, status, payload,
keepCallback);
} else {
console.log("processMessage failed: invalid message: " +
JSON.stringify(message));
}
}
{code}
https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584
> CSP error in processMessage
> ---------------------------
>
> Key: CB-9277
> URL: https://issues.apache.org/jira/browse/CB-9277
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Affects Versions: 3.5.0
> Environment: CCA 0.7.1 with cordova com.chariotsolutions.nfc.plugin
> Reporter: Morille Jerome
>
> With CCA 0.7.1 during processing NFC message with the plugins
> {code}
> <plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
> {code}
> the call of the plugin function (and when passing the nfc tags)
> {code}
> nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
> {code}
> the error is raised
> {code}
> Uncaught EvalError: Refused to evaluate a string as JavaScript because
> 'unsafe-eval' is not an allowed source of script in the following Content
> Security Policy directive: "default-src file: data: chrome-extension:
> https://ssl.gstatic.com";.
> processMessage @ cordova.js:1070
> processMessages @ cordova.js:1104
> pollOnce @ cordova.js:973
> pollOnceFromOnlineEvent
> {code}
> The problem is writing directly in the code source of the following file
> n the file
> https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js
> line 1073 we have the eval that cause the bugs.. (like writted in the code)
> {code}
> function processMessage(message) {
> var firstChar = message.charAt(0);
> if (firstChar == 'J') {
> // This is deprecated on the .java side. It doesn't work with CSP
> enabled.
> eval(message.slice(1));
> } else if (firstChar == 'S' || firstChar == 'F') {
> var success = firstChar == 'S';
> var keepCallback = message.charAt(1) == '1';
> var spaceIdx = message.indexOf(' ', 2);
> var status = +message.slice(2, spaceIdx);
> var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
> var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
> var payloadMessage = message.slice(nextSpaceIdx + 1);
> var payload = [];
> buildPayload(payload, payloadMessage);
> cordova.callbackFromNative(callbackId, success, status, payload,
> keepCallback);
> } else {
> console.log("processMessage failed: invalid message: " +
> JSON.stringify(message));
> }
> }
> {code}
> please correct this code
> {code}
> // This is deprecated on the .java side. It doesn't work with CSP enabled.
> eval(message.slice(1));
> {code}
> https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
