Chrome packaged apps don’t allow using eval or alternative expressions like new Function() to evaluate arbitrary JavaScript code at runtime. Chrome allows adding an unsafe-eval content security policy to its extensions to enable this, but for packaged apps, that is not an option. If you really need a way to bypass this security policy in apps, there is one solution though. You would need to save the JavaScript code as a file on the local filesystem using HTML5 FileSystem API. You can then include the script in your page to execute the JavaScript.
First step is to request the filesystem:
navigator.webkitPersistentStorage.requestQuota(FILESYSTEM_RESOURCES_QUOTA_MB * 1024 * 1024, function (grantedBytes) {
console.log('Granted ' + grantedBytes + ' bytes for filesystem.');
window.webkitRequestFileSystem(window.PERSISTENT, grantedBytes, onInitFs, errorHandler);
}, errorHandler);
function onInitFs(fs) {
// File system initialized
}After initializing the file system, we can create a temporary app on the filesystem and the load the script:
fs.root.getFile('my-script.js', {create: true}, function(fileEntry) {
// Create a FileWriter object for our FileEntry (log.txt).
fileEntry.createWriter(function(fileWriter) {
fileWriter.onwriteend = function(e) {
console.log('Write completed.');
// Execute the script
$.getScript(fileEntry.toURL());
};
fileWriter.onerror = function(e) {
console.log('Write failed: ' + e.toString());
};
// Create a new Blob and write it to my-script.js.
var blob = new Blob([scriptText], {type: 'text/plain'});
fileWriter.write(blob);
}, errorHandler);
}, errorHandler);