mediapipe icon indicating copy to clipboard operation
mediapipe copied to clipboard

Published 20 hours ago verified publisher icon google-ai-edge

Selfie Segmentation (Javascript) requires unsafe-eval

Open mark-beeby opened this issue 3 years ago • 2 comments

System information (Please provide as much relevant information as possible)

  • Browser and version (e.g. Google Chrome, Safari) if the issue happens on browser: Chrome 102
  • Programming Language and version ( e.g. C++, Python, Java): Javascript
  • MediaPipe version: v0.8.10 (NPM @mediapipe/[email protected])
  • Solution ( e.g. FaceMesh, Pose, Holistic ): Selfie Segmentation

Describe the current behavior:

Selfie Segmentation is now totally incompatible with Chrome Extensions as it requires unsafe-eval, Chrome have recently revoked this option from extensions without exception (Manifest v3) and so today there is no workaround. The eval occurs through the use of dynamically generated functions, as seen in:- https://cdn.jsdelivr.net/npm/@mediapipe/[email protected]/selfie_segmentation_solution_simd_wasm_bin.js.

Describe the expected behavior:

Selfie Segmentation should not require unsafe-eval, as this is no longer an option for Chrome Extension developers. emscripten also no longer requires the offending dynamic execution: https://github.com/emscripten-core/emscripten/issues/5911

Standalone code to reproduce the issue: Provide a reproducible test case that is the bare minimum necessary to replicate the problem. If possible, please share a link to Colab/repo link /any notebook:

https://ostap0207.github.io/mediapipe-selfie-segmentation-csp/index.html Code: https://github.com/ostap0207/mediapipe-selfie-segmentation-csp/blob/master/index.html This page has SCP set to disallow unsafe-eval.

Error in the console:

selfie_segmentation_solution_wasm_bin.js:9 Uncaught (in promise) EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src https://cdn.jsdelivr.net".
    at new Function (<anonymous>)
    at createNamedFunction (selfie_segmentation_solution_wasm_bin.js:9)
    at extendError (selfie_segmentation_solution_wasm_bin.js:9)
    at selfie_segmentation_solution_wasm_bin.js:9
    at qa.h (selfie_segmentation.js:50)
    at ta (selfie_segmentation.js:14)
    at ua.next (selfie_segmentation.js:15)
    at selfie_segmentation.js:40
    at new Promise (<anonymous>)
    at Y (selfie_segmentation.js:40)

There was a similar issue reported last year, but at the time developers had workarounds, given these are no longer available I'm very much hoping we can get this issue more attention.

mark-beeby avatar Jun 23 '22 14:06 mark-beeby

@sureshdagooglecom / @kuaashish - a quick glance down the issues list shows @mhays-google no longer seems to support the MediaPipe project and this issue is likely to die without comment. Is there anyone else that might be able to input here?

mark-beeby avatar Jun 27 '22 13:06 mark-beeby

hi - any updates on this please?

JamesOughton-about avatar Sep 07 '22 17:09 JamesOughton-about

Hi, Is there any update on this issue?

github-itsec-oculavis avatar Sep 26 '22 11:09 github-itsec-oculavis

Any update? Same goes for hands and holistic packages as well :/

wolodev avatar Nov 08 '22 18:11 wolodev

I am facing the same issue with the holistic package when I am migrating a chrome extension from manifest v2 to v3... is there any update?

desi-dimitrova avatar Jan 16 '23 18:01 desi-dimitrova

I too have this issue. I can no longer update my Chrome Extension which uses Manifest v2 and Holistic does not work with Manifest v3. What are our options here? Thanks.

nskaiser avatar Jan 16 '23 21:01 nskaiser

Actually options are limited. It would be doable with sandboxes pages, but currently they are bugged. Bug in chromium to follow: https://bugs.chromium.org/p/chromium/issues/detail?id=1247690. @nskaiser @desi-dimitrova I don't know if the solution I came up with will work for you, but I load mediapipe inside Iframe(and open camera etc from there) and communicate the results via post-message.

wolodev avatar Jan 16 '23 21:01 wolodev

Thanks for the suggestion. It unfortunately won't work for our application. This will prevent most new Chrome Extensions from utilizing MediaPipe so hopefully it can be addressed soon.

nskaiser avatar Jan 18 '23 16:01 nskaiser

To migrate selfie segmentation from manifest V2 to V3 without using the unsafe-eval. You will have to replace the files with the one in the link below . Which worked for me in my project. https://cdn.jsdelivr.net/npm/@mediapipe/[email protected]/

SridhuSekar avatar Mar 30 '23 11:03 SridhuSekar

Hello @mark-beeby, We are upgrading the MediaPipe Legacy Solutions to new MediaPipe solutions However, the libraries, documentation, and source code for all the MediaPipe Legacy Solutions will continue to be available in our GitHub repository and through library distribution services, such as Maven and NPM.

You can continue to use those legacy solutions in your applications if you choose. Though, we would request you to check new MediaPipe solutions which can help you more easily build and customize ML solutions for your applications. These new solutions will provide a superset of capabilities available in the legacy solutions.

kuaashish avatar May 02 '23 10:05 kuaashish

This issue has been marked stale because it has no recent activity since 7 days. It will be closed if no further activity occurs. Thank you.

github-actions[bot] avatar May 10 '23 01:05 github-actions[bot]

This issue was closed due to lack of activity after being marked stale for past 7 days.

github-actions[bot] avatar May 17 '23 01:05 github-actions[bot]

Are you satisfied with the resolution of your issue? Yes No

google-ml-butler[bot] avatar May 17 '23 01:05 google-ml-butler[bot]

The problem is not solved. unsafe-eval - worst decision.

mmerezhko-hv avatar Oct 06 '23 12:10 mmerezhko-hv