  1. Apache Cordova
  2. CB-9277

CSP error in processMessage (cordova.js:1072)


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.5.0
    • Fix Version/s: None
    • Component/s: cordova-android
    • Labels: None
    • Environment: CCA 0.7.1 with cordova com.chariotsolutions.nfc.plugin

    Description

      With CCA 0.7.1, while processing an NFC message with the plugin

        <plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
      

      the call to the plugin function (when passing the NFC tags)

        nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
      

      raises the following error:

      Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src file: data: chrome-extension: https://ssl.gstatic.com".
      processMessage @ cordova.js:1070
      processMessages @ cordova.js:1104
      pollOnce @ cordova.js:973
      pollOnceFromOnlineEvent
      

      The problem is written directly in the source code of the following file:
      https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js

      At line 1073 we have the eval that causes the bug (as written in the code):

      function processMessage(message) {
          var firstChar = message.charAt(0);
          if (firstChar == 'J') {
              // This is deprecated on the .java side. It doesn't work with CSP enabled.
              eval(message.slice(1));
          } else if (firstChar == 'S' || firstChar == 'F') {
              var success = firstChar == 'S';
              var keepCallback = message.charAt(1) == '1';
              var spaceIdx = message.indexOf(' ', 2);
              var status = +message.slice(2, spaceIdx);
              var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
              var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
              var payloadMessage = message.slice(nextSpaceIdx + 1);
              var payload = [];
              buildPayload(payload, payloadMessage);
              cordova.callbackFromNative(callbackId, success, status, payload, keepCallback);
          } else {
              console.log("processMessage failed: invalid message: " + JSON.stringify(message));
          }
      }
      

      Please correct this code:

          // This is deprecated on the .java side. It doesn't work with CSP enabled.
          eval(message.slice(1));
      

      https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584

          People

            Assignee: Unassigned
            Reporter: Morille Jerome (jmorille)
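To see which bridge messages the reported policy breaks, this added example (not code from Cordova or from the reporter) checks whether a CSP permits eval() and classifies messages with the same header parsing as the processMessage function quoted in the description. The function names and the sample messages are assumptions constructed for illustration.

```javascript
// Added example, not Cordova code. Sample messages below are constructed.
const REPORTED_POLICY =
  'default-src file: data: chrome-extension: https://ssl.gstatic.com';

// Parse a CSP string into a directive -> source list map.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// eval() is governed by script-src, which falls back to default-src.
function evalAllowed(policy) {
  const d = parseCsp(policy);
  const sources = d['script-src'] || d['default-src'];
  if (sources === undefined) return true; // nothing restricts scripts
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Same header parsing as processMessage(), but it reports what the message
// needs instead of executing it. 'J' messages are the ones that need eval().
function classifyMessage(message, policy) {
  const firstChar = message.charAt(0);
  if (firstChar === 'J') {
    return { kind: 'eval', blockedByCsp: !evalAllowed(policy) };
  }
  if (firstChar !== 'S' && firstChar !== 'F') return { kind: 'invalid' };
  const spaceIdx = message.indexOf(' ', 2);
  const nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
  if (spaceIdx === -1 || nextSpaceIdx === -1) return { kind: 'invalid' };
  return {
    kind: 'callback',
    success: firstChar === 'S',
    keepCallback: message.charAt(1) === '1',
    status: +message.slice(2, spaceIdx),
    callbackId: message.slice(spaceIdx + 1, nextSpaceIdx),
    rawPayload: message.slice(nextSpaceIdx + 1), // left undecoded here
  };
}

for (const m of ['Jconsole.log(1)', 'S01 Nfc1 sOK']) {
  console.log(m, classifyMessage(m, REPORTED_POLICY));
}
```

The policy in the error has no script-src, so default-src governs script execution, and only the 'J' message type is affected; 'S' and 'F' callbacks are parsed without eval().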