Hello,
I’m trying to use an HTML embed in WeWeb, but I keep encountering this error:
“Content Security Policy of your site blocks the use of ‘eval’ in JavaScript.”
The issue is that I’m not using eval() in my own code at all. After some investigation, it seems that WeWeb itself relies on eval() internally, yet the platform’s own Content Security Policy (CSP) is blocking its use.
As a result, nothing loads or functions properly—every attempt to use an HTML embed triggers this CSP error.
To test further, I even created a brand new project with nothing added, and upon publishing, the same eval() error appeared. This suggests the problem is rooted in WeWeb’s base configuration rather than anything in my custom code.
It seems like a contradiction: WeWeb appears to require eval() for embeds or other functionality, but its own CSP settings prevent it from running. Could you please confirm if this is a known issue or a bug?
Here is my weweb page link that isnt loding the chat I have in html-embed: https://e66fefdc-09f6-4e38-995d-c8e1cbda74bc.weweb-preview.io/
However this does not work and cant be used to message and it should look like below:
But nothing is loading or working in html
Any guidance or workaround would be greatly appreciated.
Thank you!