You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Jerome Lambert (JIRA)" <ji...@apache.org> on 2015/08/14 11:38:45 UTC

[jira] [Commented] (CB-9277) CSP error in processMessage (cordova.js:1072)

    [ https://issues.apache.org/jira/browse/CB-9277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14696765#comment-14696765 ] 

Jerome Lambert commented on CB-9277:
------------------------------------

I have the same issue but I'm not able to determine which plugin is source of use the deprecated method.

Here's my plugin list:
android.support.v4 21.0.1 "Android Support v4"
com.google.playservices 21.0.0 "Google Play Services for Android"
com.ionic.keyboard 1.0.4 "Keyboard"
cordova-plugin-camera 1.2.0 "Camera"
cordova-plugin-console 1.0.1 "Console"
cordova-plugin-device 1.0.1 "Device"
cordova-plugin-file 2.1.0 "File"
cordova-plugin-geolocation 1.0.1 "Geolocation"
cordova-plugin-globalization 1.0.2-dev "Globalization"
cordova-plugin-network-information 1.0.1 "Network Information"
cordova-plugin-splashscreen 2.1.0 "Splashscreen"
cordova-plugin-statusbar 1.0.1 "StatusBar"
cordova-plugin-whitelist 1.0.0 "Whitelist"
nl.x-services.plugins.toast 2.0.4 "Toast"
plugin.google.maps 1.2.4 "phonegap-googlemaps-plugin"
plugin.http.request 1.0.0 "phonegap-http-request"

How to determine which plugin is source of the issue ?

Here's console log:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http://ws.tectime.be http://www.infotec.be data: gap: https://ssl.gstatic.com".
processMessage @ cordova.js:1073processMessages @ cordova.js:1107pollOnce @ cordova.js:976pollOnceFromOnlineEvent @ cordova.js:963



> CSP error in processMessage (cordova.js:1072)
> ---------------------------------------------
>
>                 Key: CB-9277
>                 URL: https://issues.apache.org/jira/browse/CB-9277
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 3.5.0
>         Environment: CCA 0.7.1   with cordova  com.chariotsolutions.nfc.plugin
>            Reporter: Morille Jerome
>
> With CCA 0.7.1 during processing NFC message with the plugins
> {code}
>   <plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
> {code}
> the call of the plugin function (and when passing the nfc tags)
> {code}
>   nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
> {code}
> the error is raised
> {code}
> Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src file: data: chrome-extension: https://ssl.gstatic.com".
> processMessage @ cordova.js:1070
> processMessages @ cordova.js:1104
> pollOnce @ cordova.js:973
> pollOnceFromOnlineEvent
> {code}
> The problem is writing directly in the code source of the following file
> n the file https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js
> line 1073 we have the eval that cause the bugs.. (like writted in the code)
> {code}
> function processMessage(message) {
>     var firstChar = message.charAt(0);
>     if (firstChar == 'J') {
>         // This is deprecated on the .java side. It doesn't work with CSP enabled.
>         eval(message.slice(1));
>     } else if (firstChar == 'S' || firstChar == 'F') {
>         var success = firstChar == 'S';
>         var keepCallback = message.charAt(1) == '1';
>         var spaceIdx = message.indexOf(' ', 2);
>         var status = +message.slice(2, spaceIdx);
>         var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
>         var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
>         var payloadMessage = message.slice(nextSpaceIdx + 1);
>         var payload = [];
>         buildPayload(payload, payloadMessage);
>         cordova.callbackFromNative(callbackId, success, status, payload, keepCallback);
>     } else {
>         console.log("processMessage failed: invalid message: " + JSON.stringify(message));
>     }
> }
> {code}
> please correct this code
> {code}
>     // This is deprecated on the .java side. It doesn't work with CSP enabled.
>     eval(message.slice(1));
> {code}
> https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org