This sample creates a sandboxed iframe (
sandbox.html) to which the main page (
passes a counter variable. The sandboxed page uses the
Handlebars template library to evaluate and compose a message
using the counter variable which is then passed back to the main page for rendering.
The default packaged app Content Security Policy (CSP) value
disallows the use of
new Function() (or variants like
Function.apply()) so using a
sandbox is necessary for this process. To enable sandboxing in your app you
sandbox property to your app's manifest file.
See more info on using eval safely in packaged apps.