dart2js and disallow unsafe eval changes #13547
Comments
|
See also this announcement: We have removed the option '--disallow-unsafe-eval' from dart2js. Who is affected? Developers of Chrome extensions or developers who serve JavaScript code with a header Content-Security-Policy: script-src 'self'. This policy disallows using 'eval' and 'new Function' in JavaScript code. How do I update my code? Remove the option '--disallow-unsafe-eval' from your build scripts. The compiler will always generate two JavaScript output files: Why did this change happen? This change was made to simplify the user experience (one less option), and to simplify the implementation of CSP mode in dart2js. This allowed us to support 'dart:mirrors' in CSP mode which wasn't supported before. We have monitored test cycle times and benchmarks, and generating this additional file doesn't seem to have any measurable effect. When will the change take effect? This change is already landed in bleeding_edge, and should make it to the next stable build. Where can I learn more? If you're interested in learning more about CSP, see: http://developer.chrome.com/extensions/contentSecurityPolicy.html If you want to learn how to parse a "CSP policy policy", see http://www.w3.org/TR/2012/CR-CSP-20121115/#parsing |
sethladd
added
type-task
Priority-Unassigned
area-documentation
"The --disallow-unsafe-eval option has been removed. Instead, dart2js will produce a file called precompiled.js. This file complies to CSP script-src: 'self' restrictions."
The text was updated successfully, but these errors were encountered: