Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
tree: ae2adc5dd7

Fetching latest commit…

Cannot retrieve the latest commit at this time

..
Failed to load latest commit information.
README.md
background.js
iframe.html
iframe.js
main.html
main.js
manifest.json

README.md

Sample that shows how to eval() JavaScript code while still complying with the strict Content Security Policy (CSP) used by packaged apps.

The main.html/main.js window contains a <textarea> with a code snippet that needs to be eval()-ed. When the "Eval" button is pressed, it creates a sandboxed iframe and sends the code string to it via window.postMessage(). The sandboxed iframe (source in iframe.html and iframe.js) is not restricted by the app's CSP, so it can eval() the string it receives, and postMessage() the result of running the evaluated code back.

Something went wrong with that request. Please try again.