javascript - Chrome 扩展拒绝将字符串评估为 JavaScript，因为 emscripten 生成的文件中有 'unsafe-eval'

Question

我正在尝试在我的 Chrome 插件中加载一个 wasm 模块。 Chrome 提示 emscripten 生成的 wasm 模块中的以下函数。它在以下 js 上跳闸

未捕获的 EvalError:拒绝将字符串评估为 JavaScript，因为“unsafe-eval”不是以下内容安全策略指令中允许的脚本源:“script-src 'self' blob:文件系统:”。

function createNamedFunction(name, body) {
      name = makeLegalFunctionName(name);
      /*jshint evil:true*/
      return new Function(
          "body",
          "return function " + name + "() {\n" +
          "    \"use strict\";" +
          "    return body.apply(this, arguments);\n" +
          "};\n"
      )(body);
    }

我正在 background.html 文件中加载脚本，这样它就可以作为一个模块运行。 .

<script type="module" src="../js/background.js"></script>
<script type="module" src="../js/AudioWorkletProcessor.js"></script>
<script type="module" src="../js/kernel.wasmmodule.js"></script>

人们如何在他们的插件中使用 Web Assembly 解决这个问题？

Answer 1

-s NO_DYNAMIC_EXECUTION=1 从生成的代码中删除 eval() 和 new Function()。

https://github.com/emscripten-core/emscripten/blob/master/src/settings.js#L1030

When set to 0, we do not emit eval() and new Function(), which disables some functionality (causing runtime errors if attempted to be used), but allows the emitted code to be acceptable in places that disallow dynamic code execution (chrome packaged app, privileged firefox app, etc.). Pass this flag when developing an Emscripten application that is targeting a privileged or a certified execution environment, see Firefox Content Security Policy (CSP) webpage for details: https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS/CSP When this flag is set, the following features (linker flags) are unavailable: --closure 1: When using closure compiler, eval() would be needed to locate the Module object. -s RELOCATABLE=1: the function Runtime.loadDynamicLibrary would need to eval(). --bind: Embind would need to eval(). Additionally, the following Emscripten runtime functions are unavailable when DYNAMIC_EXECUTION=0 is set, and an attempt to call them will throw an exception:

• emscripten_run_script(),
• emscripten_run_script_int(),
• emscripten_run_script_string(),
• dlopen(),
• the functions ccall() and cwrap() are still available, but they are restricted to only being able to call functions that have been exported in the Module object in advance.

When set to -s DYNAMIC_EXECUTION=2 flag is set, attempts to call to eval() are demoted to warnings instead of throwing an exception.