chore: update content security policy of sandbox
diff --git a/src/editor/sandbox/setup.js b/src/editor/sandbox/setup.js
index 1a0a903..1455f22 100644
--- a/src/editor/sandbox/setup.js
+++ b/src/editor/sandbox/setup.js
@@ -46,7 +46,9 @@
const endTime = performance.now();
sendMessage({
evt: 'optionUpdated',
- option: JSON.stringify(chart.getOption()),
+ option: JSON.stringify(chart.getOption(), (key, val) =>
+ echarts.util.isFunction(val) ? val + '' : val
+ ),
updateTime: endTime - startTime
});
return res;
@@ -174,6 +176,9 @@
'globalThis',
'location',
'histroy',
+ 'eval',
+ 'execScript',
+ 'Function',
// PENDING: create a single panel for CSS code?
'var css, option;' +
handleLoop(compiledCode) +
@@ -195,6 +200,9 @@
win,
win,
win.location,
+ void 0,
+ void 0,
+ void 0,
void 0
);
diff --git a/src/editor/sandbox/srcdoc.html b/src/editor/sandbox/srcdoc.html
index b59f0c1..cd0752d 100644
--- a/src/editor/sandbox/srcdoc.html
+++ b/src/editor/sandbox/srcdoc.html
@@ -3,7 +3,7 @@
<head>
<meta
http-equiv="content-security-policy"
- content="frame-src 'self' *.apache.org"
+ content="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.apache.org *.jsdelivr.net *.jsdelivr.com *.unpkg.com *.baidu.com cdnjs.cloudflare.com; frame-src 'self' *.apache.org; object-src 'none';"
/>
<style>
* {
