This is a migrated thread and some comments may be shown as answers.

Refused to evaluate a string as JavaScript because 'unsafe-eval'

5 Answers 3312 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
neutcomp
Top achievements
Rank 2
neutcomp asked on 18 Jul 2017, 08:55 AM

Hello,

Recently I get this error when filling in something in a textbox in chrome. Does anybody have a glue why and how to solve this.

ExecuteCommand failed!
InError set by the client. Client Error:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https: 'unsafe-inline'".

BrowserCommand (Type:'Action',Info:'NotSet',Action:'InvokeJsFunction',Target:'ElementId (tagName: '',occurrenceIndex: '-1')',Data:'document.getElementsByTagName('input')[0].focus()',ClientId:'e0aa945a-25fb-49b3-83a5-e4b7da4f60bb',HasFrames:'False',FramesInfo:'',TargetFrameIndex:'-1',InError:'True',Response:'Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https: 'unsafe-inline'".
')
InnerException: none.

Thanks
Bjorn

5 Answers, 1 is accepted

Sort by
0
Nikolay Petrov
Telerik team
answered on 21 Jul 2017, 07:24 AM
Hello Bjorn,

Would you provide more information on this case please:
 
 - Do you run the product as an administrator?
 - Which is the Chrome version you are using for automation?
 - Which is the product version you are using?
 - Do you get this exception using other browsers?

Kind Regards,
Nikolay Petrov
Progress Telerik
 
The New Release of Telerik Test Studio Is Here! Download, install,
and send us your feedback!
0
neutcomp
Top achievements
Rank 2
answered on 21 Jul 2017, 07:35 AM

Sorry I forgot to update the status of the question.

It had to do something with changing the headers in IIS to make it more secure. The webmaster did not notifying us about this change. So he altered it after we found out he had changed something that causes to fail the website/scripts.

So everything works fine now :-)

0
Nikolay Petrov
Telerik team
answered on 21 Jul 2017, 04:03 PM
Hi Bjorn,

Thanks for the update! I appreciate that.

Best Regards,
Nikolay Petrov
Progress Telerik
 
The New Release of Telerik Test Studio Is Here! Download, install,
and send us your feedback!
0
Sample
Top achievements
Rank 1
answered on 13 Apr 2021, 09:56 AM

Hello,

 

I am facing below error while executing some payment gateway.

InError set by the client. Client Error:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://js.stripe.com".

BrowserCommand (Type:'Action',Info:'NotSet',Action:'InvokeJsFunction',Target:'ElementId (tagName: '',occurrenceIndex: '-1')',Data:'((window.top.Telerik && window.top.Telerik.TestStudio && window.top.Telerik.TestStudio.Common && window.top.Telerik.TestStudio.Common.DomProviders && window.top.Telerik.TestStudio.Common.DomProviders.DomProvideFactory && window.top.Telerik.TestStudio.Common.DomProviders.DomProvideFactory.getProvider().getElementByTagNameAndIndex(document, 'div', 50)) || document.getElementsByTagName('div')[50]).focus()',ClientId:'f340c1f8-2288-461c-a764-1ceef3126b1a',HasFrames:'False',FramesInfo:'',TargetFrameIndex:'-1',InError:'True',Response:'Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://js.stripe.com".
')

 

Kindly provide solution.

0
Elena
Telerik team
answered on 15 Apr 2021, 03:36 PM

Hello,

This type of error is caused by a Content Security policy set in a header in the HTTP responses from the tested application server, which does not allow 'unsafe-eval' to be used. However, the Test Studio extension for Chrome uses this function, as well as other, but this particular gets restricted by that security policy. 

Still there are few suggestions you can give a try to: 

Option 1: 
One possible workaround is to discuss the opportunities to have a test environment and build of the application under test, where the CSP imposed by his server is removed. That way you can continue testing the application against Chrome in that test environment. 

Option 2: 
In case the above option is not applicable for some reason, there is a workaround using Fiddler script editor - the idea is to intercept and modify the http traffic. This will require to have Fiddler running during these specific test runs and can affect slightly the performance.
Having these specifics in mind, here is what is necessary: 

- open Fiddler Script Editor
- modify the OnBeforeResponse(oSession: Session) function to perform the following custom script:

if (oSession.oResponse.headers.Exists("Content-security-policy")) {
oSession["ui-backcolor"] = "lime";
oSession["ui-bold"] = "removing CSP";
oSession.oResponse.headers.Remove("Content-security-policy");
}
 
if (oSession.oResponse.headers.Exists("X-Content-security-policy")) {
oSession["ui-backcolor"] = "lime";
oSession["ui-bold"] = "removing CSP";
oSession.oResponse.headers.Remove("X-Content-security-policy");

Then, you can run the recorded test and this will allow Test Studio to execute the required scripts on the page. 

I hope that these notes will be helpful for you. In case you have any further questions, please, let us know.

Regards,
Elena
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Test Studio course! Check it out at https://learn.telerik.com/.
Tags
General Discussions
Asked by
neutcomp
Top achievements
Rank 2
Answers by
Nikolay Petrov
Telerik team
neutcomp
Top achievements
Rank 2
Sample
Top achievements
Rank 1
Elena
Telerik team
Share this question
or