SAFE Browser error with window.eval


#1

I’m debugging a Solid app using my solid-safe-client library in SAFE Browser.

As far as I can see none of the app code or dependencies are using window.eval but SAFE Browser is complaining about it, saying ‘Sorry, peruse does not support window.eval()’.

Uncaught Error: Sorry, peruse does not support window.eval().
    at window.eval.global.eval (/home/mrh/safe-releases/2017-09-21_Alpha_2/safe-browser-v0.11.2-linux-x64-dev/resources/app.asar/app/webPreload.prod.js:sourcemap:1)
    at Object../node_modules/react-dev-utils/webpackHotDevClient.js (0.chunk.js:5312)
    at __webpack_require__ (bundle.js:782)
    at fn (bundle.js:150)
    at Object.0 (main.chunk.js:750)
    at __webpack_require__ (bundle.js:782)
    at checkDeferredModules (bundle.js:46)
    at Array.webpackJsonpCallback [as push] (bundle.js:33)
    at main.chunk.js:1

From this it looks like I’m encountering it in the React dev tools / hot relaod area. Does this seem likely. I’m running using npm start in the root of the Solid app (solid-filemanager).

Any hints appreaciated. Thanks.


#2

It has to do with source maps. @Folatt encountered this issue before with NeutrinoJS. I encountered it with Vue and solved it by changing some source map settings.

Not sure what the proper route with React is.


#3

Thanks @bzee, I posted on StackOverflow:


#4

You could try and ‘eject’ the Webpack configuration files; and then configure the DevTool to use another source map.


#5

Bingo! Thanks a lot @bzee.

I used npm run eject and then in webpack.config.js replaced ‘eval-source-map’ with ‘cheap-module-source-map’.

EDIT: I created an issue requesting window.eval() be available jan the SAFE Browser Dev build:


#6

window.eval is manipulated here, a file which is injected into each webview instance, underlying each tab.

When we outlawed window.eval I had to find a solution for the API playground, which relied on eval:

function evalSnippet(string) {
  return Function(`return ${string};`)();
}

In your case, is it possible for your client script to redefine the window.eval operation before your 3rd party dep calls it?

window.eval = global.eval = (string) => Function(`return ${string};`)();

Let me see if I can make time this evening to confirm myself.

@happybeing Do you have a minimum reproducible example that I can use right quick?


#7

Thanks Hunter.

I think that would help, but if this were changed in Dev build that would be ideal (even if opt-in with a setting). I filed an issue yesterday requesting that.

I haven’t created a repo for the app yet, but think if you use the unadulterated app below you will see the issue. You will get some other errors, and cause a Google fonts page to open in an http browser, but I have checked that this doesn’t interfere with the running of my version of this app, and the changes I made are trivial.

If using that doesn’t work let me know and I’ll push my code.