Sorry for all of these posts, I have never coded in my life before.
I am getting error
-
Executing: | storeEval | storedVars[‘Raw_CCC’].slice(8) | USD |
-
[error]
Error in runEval code: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘self’ https://assets.coinbase.com https://www.google-analytics.com/analytics.js https://static.statsjar.com/analytics/rsxdhm2zkI.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com”.
I looked it up, and found the following:
Code like the following does not work:
alert(eval(“foo.bar.baz”));
window.setTimeout(“alert(‘hi’)”, 10);
window.setInterval(“alert(‘hi’)”, 10);
new Function(“return foo.bar.baz”);
Evaluating strings of JavaScript like this is a common XSS attack vector. Instead, you should write code like:
alert(foo && foo.bar && foo.bar.baz);
window.setTimeout(function() { alert(‘hi’); }, 10);
window.setInterval(function() { alert(‘hi’); }, 10);
function() { return foo && foo.bar && foo.bar.baz };
I don’t see a pattern to how these are being rewritten. How do I re-write my command so that this will work? I don’t know why this is happening, since the command should not be sent to the website to be executed, but performed inside Kantu.
I also saw that I could add "“content_security_policy”: “script-src ‘self’ ‘unsafe-eval’; object-src ‘self’” to my “policy” to relax security. Where do I put that in?
Thanks, Nathan