
ngCsp
directive in module ng

Description

Enables CSP (Content Security Policy) support.

This is necessary when developing things like Google Chrome Extensions.

CSP forbids apps from using eval or Function(string) generated functions (among other things). For us to be compatible, we just need to implement the "getterFn" in $parse without violating any of these restrictions.

AngularJS uses Function(string) generated functions as a speed optimization. By applying ngCsp it is possible to opt into the CSP compatible mode. When this mode is on, AngularJS will evaluate all expressions up to 30% slower than in non-CSP mode, but no security violations will be raised.

In order to use this feature, put the ngCsp directive on the root element of the application.
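
The difference between the two expression-evaluation modes described above, as an added sketch that is not AngularJS source code: a property getter compiled with Function(string) beside a closure-based getter that generates no code. The names generatedGetter, cspSafeGetter, splitPath, the cspMode parameter of this getterFn and the sample scope are assumptions made for illustration.

```javascript
// Added illustration, not AngularJS source; all names here are hypothetical.

// Only plain identifier segments are accepted, so nothing from the
// expression text other than validated names reaches generated code.
const IDENT = /^[A-Za-z_$][\w$]*$/;

function splitPath(path) {
  const keys = path.split('.');
  for (const k of keys) {
    if (!IDENT.test(k)) throw new Error('unsupported path segment: ' + k);
  }
  return keys;
}

// Non-CSP style: build source text and compile it with Function(string).
// Under a policy without 'unsafe-eval' the Function() call itself throws.
function generatedGetter(path) {
  let body = 'var v = s;\n';
  for (const k of splitPath(path)) {
    body += 'if (v == null) return undefined;\nv = v.' + k + ';\n';
  }
  return new Function('s', body + 'return v;');
}

// CSP-compatible style: no code generation, a closure walks the keys on
// every call, which is where the extra evaluation cost comes from.
function cspSafeGetter(path) {
  const keys = splitPath(path);
  return function (s) {
    let v = s;
    for (const k of keys) {
      if (v == null) return undefined;
      v = v[k];
    }
    return v;
  };
}

// Mode switch, standing in for what ng-csp opts the application into.
function getterFn(path, cspMode) {
  return cspMode ? cspSafeGetter(path) : generatedGetter(path);
}

// Constructed sample scope.
const scope = { user: { name: { first: 'Ada' } }, count: 0 };
console.log(getterFn('user.name.first', false)(scope));
console.log(getterFn('user.name.first', true)(scope));
```

Both getters return the same values for the same path; only the CSP-safe one avoids Function(string).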

Usage

as attribute
<html ng-csp>
   ...
</html>
as class
<html class="ng-csp">
   ...
</html>

Directive info

  • This directive executes at priority level 1000.

Example

This example shows how to apply the ngCsp directive to the html tag.

  <!doctype html>
  <html ng-app ng-csp>
  ...
  ...
  </html>