This sample creates a window containing a sandboxed iframe (
The sandbox uses
eval() function to write some HTML to its own document.
The default packaged app Content Security Policy (CSP) value
disallows the use of
new Function() (or variants like
Function.apply()) so using a
sandbox is necessary for this process. To enable sandboxing in your app you
sandbox property to your app's manifest file.
See more info on using eval safely in packaged apps.