Chrome Content Security Policy error when executing storeEval or execute Script

Just a couple days back a page I routinely scrape with Chrome Kantu Selenium IDE++ extension began to break. The following was in my log:

[info]
Executing:  | storeEval | var s="${amountTemp}"; Number.parseFloat(s.replace(/[$]/g,'')); | amount | 
[error]
Error in runEval code: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive....

I am not sure if I am getting this error because something changed on the page I am scraping or if the permissions granted to the Kantu extension changed. Is there any way to fix this in Kantu? My current workaround is using another extension that disables CSP, but I would rather not do that.

because something changed on the page

Yes, most likely something has changed on the page. For example, on github.com we see the same problem.

Is there any way to fix this in Kantu?

I will get back to you about this part.

Update: We found a solution for the CSP issue, and plan to release it with the Kantu (early) July update. Before that, we are releasing the June update in a few days with some amazing new commands :wink:

1 Like

This issue is solved with UI.Vision V5.0. Now all Selenium IDE-style flow control commands use the new executeScript_Sandbox internally. For more details see here:

This works great, thank you!

FWIW: I had a similar issue recently with the execute Script Selenium IDE command. The solution was to use execute Script_Sandbox.

[error] Error in executeScript code: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/".