Enable a "new feature" in a web worker using CSP

Question

Enable a "new feature" in a web worker using CSP

I'm having trouble getting a new Function to work in Web Worker. I have an HTML page in which a web worker appears. This web worker executes code through new Function(str) . I am trying to use this in a packaged Chrome application that requires a page using the eval code to be explicitly specified as an isolated page in the manifest.

Now there are two options:

Make a list for the sandbox. If I do this, I can use the new Function , but I cannot create a web artist because I cannot make any requests (the sandbox has a unique origin). new Worker(...) throws a SECURITY_ERR .
- new Function works in the sandbox
- new Worker fails in sandbox due to unique origin
Do not list the page for the sandbox. If I do this, I can create a web worker, but the worker cannot use the new Function because it is not isolated. new Function(...) raises an EvalError complaining about its use.
- new Function does not work in non-sandbox due to eval -like
- new Worker runs in a non-sandbox

My CSP is as follows:

 sandbox allow-scripts script-src 'self' 'unsafe-eval'; object-src 'self'

What can I do to get a new Function working with a web worker?

+6

javascript google-chrome web-worker content-security-policy function-constructor

pimvdb Jan 20 '13 at 15:43

source share

1 answer

molnarg · Accepted Answer · 2013-01-23T13:40:58+0000

There, a method called built-in workers, I would suggest using it.

Create a blob containing the source code for the working
Convert it to "dataurl"
Create an instance of a working document using this dataurl

This is described by sample code on the HTML5 stones site in the WebWorkers tutorial. Thus, you can list the site as a sandbox, but since there is no need to perform external requests, it should also work in isolated mode.

Enable a "new feature" in a web worker using CSP

More articles: