I exported a game in HTML5 mode and I noticed some of the JavaScript code makes use of the eval method. The eval method breaks the content security policy on our website, however the game I exported doesn’t seem to make use of it at all.
Is there a reason for using eval and how I can avoid coding something that might make use of the function in exported HTML5 versions of a game?
We don’t really use eval
very much, it appears it may be used in one of the following cases:
- Using
ExternalInterface.call
- Using
openfl.display.Loader
to load a JavaScript file
- Using JS frame scripts in
openfl.display.MovieClip
, but there is no public API exposing that functionality (at the moment)
These are unusual cases, so you should not be running into eval
use in your project, probably
1 Like
You may be able to remove the eval()
calls using dead code elimination. To enable this (and minify your code while you’re at it), compile using the -final
flag. If you want DCE without minification, use -dce full
instead.
1 Like