I am tring to use AJV JSON schema validator in my chrome app. But I am getting the error
EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' blob: filesystem: chrome-extension-resource:".
It happens during execution of
var validate = ajv.compile(schema);
As I understand AJV uses dynamic code generation and eval() to validate JSON which is forbidden by CSP.
Is there a way to use AJV in chrome apps?
Or is there some other JSON schema validator which could be used in chrome apps?
If some library that you want to use is incompatible with Chrome CSP, then you can use it inside a sandbox.
This is well documented, and has a concrete example and a whole dedicated article "Using eval in Chrome Extensions. Safely."
The downside is that you can't write code that uses both Chrome API and the library. You need to separate this and communicate between two scripts.