AngularJS uses eval in chrome extension -

the lates angularjs (1.3 beta 19) uses eval. prohibited in chrome extionsion.

how fix issue without allowing evals?

error message:

refused evaluate string javascript because 'unsafe-eval' not allowed source of script in following content security policy directive: "script-src 'self' chrome-extension-resource:".

stack trace:

angular.js:1011 csp angular.js:1011 (anonymous function) angular.js:23556 

update: see documentation of ng-csp https://docs.angularjs.org/api/ng/directive/ngcsp

outdated: looks angularjs fails detect csp in chrome extension. use explicit ng-csp. link angularjs issue: https://github.com/angular/angular.js/issues/8777

to quote documentation dmitry linked:

angular tries autodetect if csp active , automatically turn on csp-safe mode. autodetection triggers csp error logged in console:

refused evaluate string javascript because 'unsafe-eval' not allowed source of script in following content security policy directive: "default-src 'self'". note 'script-src' not explicitly set, 'default-src' used fallback.

this error harmless annoying. prevent error showing up, put ngcsp directive on root element of application or on angular.js script tag, whichever appears first in html document.