Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PhET ZIMs cannot run in local Chromium extension due to use of unsafe-eval #1105

Closed
Jaifroid opened this issue Sep 9, 2023 · 1 comment
Closed

PhET ZIMs cannot run in local Chromium extension due to use of unsafe-eval #1105

Jaifroid opened this issue Sep 9, 2023 · 1 comment
Labels
bug extensions Code relating to the production or running of browser extensions wontfix
Milestone
v4.1

Comments

@Jaifroid
Copy link
Member

Jaifroid commented Sep 9, 2023

Following in from #1104 and #865, although we fixed use of inline JS, unfortunately the proprietary UI of the PhET ZIMs uses eval, which is not allowed in local Chromium extension code. Hence loading the landing page fails with a blank page and no warning to the user. To run the ZIM, the user would need to switch to the remote extension code (browser-extension.kiwix.org). While most users would do this on first install of the app, there are lots of reasons (e.g. privacy, lack of ability to load remote code) why a user might have switched back.

Warning the user is tricky, because we cannot monitor every exception and filter. We can only test for something generic to PhET ZIMs that has failed to load, but then the code would need to be maintained so we don't get false positives.
@Jaifroid Jaifroid added bug extensions Code relating to the production or running of browser extensions labels Sep 9, 2023
@Jaifroid Jaifroid added this to the v4.0 milestone Sep 9, 2023
@Jaifroid Jaifroid modified the milestones: v3.11, v4.0 Nov 1, 2023
@Jaifroid Jaifroid modified the milestones: v4.0, v4.1 Feb 21, 2024
@Jaifroid
Copy link
Member Author

I think we can close as wontfix, because users are driven in the direction of using the remote code that can run inline JS, and we make it clear to them that if they use the local version some code won't run.

@Jaifroid Jaifroid closed this as not planned Won't fix, can't repro, duplicate, stale Mar 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug extensions Code relating to the production or running of browser extensions wontfix
Projects
None yet
Milestone
v4.1
Development

No branches or pull requests
1 participant
@Jaifroid