After inserting the ExpressiveAnnotations (expressive.annotations.validate.js) into my application and triggering an input to be validated the browser shows a error message (see below). I don't think the Problem comes from my code rather a configuration issue.
I already found that this line (inside the ExpressiveAnnotations) causes the problem:
ctxEval: function(exp, ctx) { // evaluates expression in the scope of context object
return (new Function('expression', 'context', 'with(context){return eval(expression)}'))(exp, ctx); // function constructor used on purpose (a hack), for 'with' statement not to collide with strict mode, which
// is applied to entire module scope (BTW 'use strict'; pragma intentionally not put to function constructor)
}
The error message which is shown:
[fail] (16:14:32): EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
To solve the problem I set the CSP to the following value:
"content_security_policy": "script-src 'self' 'unsafe-eval';