This sample creates a window containing a sandboxed iframe (sandbox.html
).
The sandbox uses eval()
function to write some HTML to its own document.
The default packaged app Content Security Policy (CSP) value
disallows the use of
eval()
or new Function()
(or variants like Function.apply()
) so using a
sandbox is necessary for this process. To enable sandboxing in your app you
add the sandbox
property to your app's manifest file.
See more info on using eval safely in packaged apps.