Sapan Diwakar

Software developer

Follow me on Twitter Check out my code on GitHub View some of my designs on Dribbble Take a look at my Linked In profile

Eval JavaScript Code in Chrome Packaged App

Chrome packaged apps don't allow using eval or alternative expressions like new Function() to evaluate arbitrary JavaScript code at runtime. Chrome allows adding an unsafe-eval content security policy to its extensions to enable this, but for packaged apps, that is not an option. If you really need a way to bypass this security policy in apps, there is one solution though. You would need to save the JavaScript code as a file on the local filesystem using HTML5 FileSystem API. You can then include the script in your page to execute the JavaScript.

First step is to request the filesystem:

        navigator.webkitPersistentStorage.requestQuota(FILESYSTEM_RESOURCES_QUOTA_MB * 1024 * 1024, function (grantedBytes) {
    console.log('Granted ' + grantedBytes + ' bytes for filesystem.');
    window.webkitRequestFileSystem(window.PERSISTENT, grantedBytes, onInitFs, errorHandler);
}, errorHandler);

function onInitFs(fs) {  
    // File system initialized

After initializing the file system, we can create a temporary app on the filesystem and the load the script:

fs.root.getFile('my-script.js', {create: true}, function(fileEntry) {  
    // Create a FileWriter object for our FileEntry (log.txt).
    fileEntry.createWriter(function(fileWriter) {

        fileWriter.onwriteend = function(e) {
            console.log('Write completed.');

            // Execute the script 

        fileWriter.onerror = function(e) {
            console.log('Write failed: ' + e.toString());

        // Create a new Blob and write it to my-script.js.
        var blob = new Blob([scriptText], {type: 'text/plain'});
    }, errorHandler);
}, errorHandler);