You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This library relies on using new Function(...) to obtain references to the global object. However, this approach causes problems in environments with strict CSP settings that do not allow the unsafe-eval directive. Including unsafe-eval in the CSP is considered a security risk. Additionally, there are certain environments, such as browser extensions, where we are unable to relax the CSP.
Therefore, it is advisable to avoid using new Function(...) or eval(...) altogether, or to use them as a last resort only when no other means of referencing the global object is available.
The text was updated successfully, but these errors were encountered:
gretzkiy
added a commit
to gretzkiy/EventEmitter2
that referenced
this issue
Jun 30, 2023
Hi,
This library relies on using
new Function(...)
to obtain references to the global object. However, this approach causes problems in environments with strict CSP settings that do not allow theunsafe-eval
directive. Includingunsafe-eval
in the CSP is considered a security risk. Additionally, there are certain environments, such as browser extensions, where we are unable to relax the CSP.Therefore, it is advisable to avoid using
new Function(...)
oreval(...)
altogether, or to use them as a last resort only when no other means of referencing the global object is available.The text was updated successfully, but these errors were encountered: