Not compatible with strict CSP due to new Function(..) #303

Open
gretzkiy opened this issue Jun 30, 2023 · 0 comments

Hi,

This library relies on using new Function(...) to obtain references to the global object. However, this approach causes problems in environments with strict CSP settings that do not allow the unsafe-eval directive. Including unsafe-eval in the CSP is considered a security risk. Additionally, there are certain environments, such as browser extensions, where we are unable to relax the CSP.

Therefore, it is advisable to avoid using new Function(...) or eval(...) altogether, or to use them as a last resort only when no other means of referencing the global object is available.

gretzkiy added a commit to gretzkiy/EventEmitter2 that referenced this issue Jun 30, 2023
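
The failure described in this issue and a lookup order that avoids it, as an added example that is not part of the original post or of EventEmitter2's code. `evalBasedGlobal`, `resolveGlobal`, `probe` and `report` are illustrative names, and Node's `vm` option `codeGeneration.strings: false` is assumed here as a stand-in for a browser CSP without `unsafe-eval`.

```javascript
const vm = require('node:vm');

// The pattern the issue describes: compiling a string to reach the global object.
function evalBasedGlobal() {
  return new Function('return this')();
}

// CSP-safe lookup (illustrative): probe the standard bindings first. String
// compilation is a guarded last resort, so a blocked eval yields undefined.
function resolveGlobal() {
  if (typeof globalThis !== 'undefined') return globalThis;
  if (typeof self !== 'undefined') return self;
  if (typeof window !== 'undefined') return window;
  if (typeof global !== 'undefined') return global;
  try {
    return new Function('return this')();
  } catch (err) {
    return undefined;
  }
}

// Run fn in a fresh realm whose global carries a constructed marker property.
// allowEval=false makes new Function throw EvalError, as a strict CSP does.
// legacy=true shadows the standard bindings to mimic an engine without them.
function probe(fn, { allowEval, legacy = false }) {
  const ctx = vm.createContext({ marker: 'sandbox' }, { codeGeneration: { strings: allowEval } });
  const params = legacy ? 'globalThis, self, window, global' : '';
  const body = `(function (${params}) { var g = (${fn.toString()})(); return g ? g.marker : 'no-global'; })()`;
  try {
    return vm.runInContext(body, ctx);
  } catch (err) {
    return err.name; // error comes from the other realm, so compare by name
  }
}

function report() {
  return {
    evalStrict: probe(evalBasedGlobal, { allowEval: false }),
    safeStrict: probe(resolveGlobal, { allowEval: false }),
    safeLegacyStrict: probe(resolveGlobal, { allowEval: false, legacy: true }),
    safeLegacyPermissive: probe(resolveGlobal, { allowEval: true, legacy: true }),
  };
}

console.log(report());
```

Only the eval-based lookup fails when string compilation is blocked. The guarded fallback in `resolveGlobal` is reached only when none of the standard bindings exist.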