Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove eval function #24

Closed
euharrison opened this issue Feb 19, 2016 · 3 comments
Closed

Remove eval function #24

euharrison opened this issue Feb 19, 2016 · 3 comments

Comments

@euharrison
Copy link
Contributor

Hi! I received an alert from my host that the script has a suspicious eval() code, this is the alert:

12637151_955493134530531_662725185_o

Debugging it I found that this code came from here https://github.com/auth0/jwt-decode/blob/master/build/jwt-decode.js#L56

Do you think that we have a workaround with this eval function?
@jfromaniello
Copy link
Member

It is using eval as a fallback when there is no JSON support in the browser... maybe we can remove that since it seems is already supported in every major browser:

http://caniuse.com/#feat=json

and if the developer really needs to support old browser he can polyfill on their own before loading this library.

@sandstrom
Copy link

@jfromaniello sounds like a great solution! JSON is widely supported, and there are good polyfills available for those rare, old browsers.

This was referenced Mar 5, 2016
Closed
Merged
@jfromaniello
Copy link
Member

thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sandstrom @jfromaniello @euharrison