unsafe-eval, required for nunjucks and RJSF, isn't allowed in MV3

[fregante]

This line is causing an error for every brick with text input. I don't think there's any way around this, as it's not a CWS-related restriction as previously suggested, but a hardcoded MV3 limitation that blocks eval entirely.

pixiebrix-extension/src/analysis/analysisVisitors/templateAnalysis.ts

Line 88 in fa9ecc1

new Template(expression.__value__, undefined, undefined, true);

Previously mentioned

• #2946 Error thrown on Custom form submit #3019 (comment)
• Support RJSF Schema validation in strict CSP #3059
• Remove 'unsafe-eval' from CSP #4387

External links (no solution)

• Use with a Content Security Policy that prohibits unsafe-eval? mozilla/nunjucks#298
• Use Environment.renderString with a Content Security Policy that prohibits unsafe-eval? mozilla/nunjucks#1383
• wOxxOm on StackOverflow: "The error message means you can't use unsafe-eval in MV3"

Repro

1. Build MV3

   MV=3 npm run watch

2. Open any bricks in the page editor

[twschiller]

We have a couple options here I think:

• Sandbox: Move template engine and brick evaluation to Chrome sandbox #105
• Userscripts which will be supported in MV3: User scripts in Manifest V3 w3c/webextensions#279

I had added this point to the agenda of the w3c kickoff meeting on userscripts, but unfortunately had the drop off the call before it was discussed. I will prioritize clarifying the behavior for MV3

[fregante]

Note that neither one is available from the background worker because they either require a full tab or an iframe. Also possible bug that might affect us:

• https://bugs.chromium.org/p/chromium/issues/detail?id=1247690

Sandbox

The sandbox sounds like the right way to do this, either in the content script or page editor:

• https://developer.chrome.com/docs/extensions/mv3/manifest/sandbox/
• https://developer.chrome.com/docs/extensions/mv3/sandboxingEval/

Userscripts

Unless Userscripts directly support unsafe-eval within them (which is TBD), they could become incredibly involved and slow due to messaging and probably because the "userscript" would be the raw compiled nunjucks/RJSF javascript string. Let's keep this as a last resort (also because they don't exist in Chrome yet).

Related: https://developer.chrome.com/docs/extensions/mv3/known-issues/#userscript-managers-support

[fregante]

I can work on the sandbox issue for this then. I will look into implementing a barebones connectable sandbox, possibly one that pre-loads nunjucks in order to evaluate the templates in it:

• Move template engine and brick evaluation to Chrome sandbox #105

[twschiller]

Note that neither one is available from the background worker because they either require a full tab or an iframe

IIRC, we don't evaluate templates from the background page anyway. (The original design always used contentScript due to security/performance reasons)

If we do need to run from background page, there's an offscreen documents proposal: w3c/webextensions#170

[fregante]

• Closing in favor of Move template engine and brick evaluation to Chrome sandbox #105

unsafe-eval is available in the sandbox 🎉