remove new Function calls #22
@devongovett did you get a chance to look at this? |
This change would be very helpful so that this library can be used with a secure CSP. |
Apologies cause I'm still a bit newbie on these github issues. Considering that "this branch has no conflicts with the base branch", does it mean that the issue is already solved or immediately solvable? Thank you so much in advance |
"no conflicts" just means that the branch can be merged without a user having to manually fix conflicts. It does not guarantee integrity of the actual code - it could very well contain a syntax error… It is the testing that matters, and that is passing; but the code coverage has some complaints… @devongovett, would you have any time to look into this? |
Thanks for the clarification.
…On Thu, 3 May 2018, 14:55 firien, ***@***.***> wrote:
"no conflicts" just means that the branch can be merged without a user
having to manually fix conflicts. It does not guarantee integrity of the
actual code - it could very well contain a syntax error…
It is the testing that matters, and that is passing; but the code coverage
has some complaints…
@devongovett <https://github.com/devongovett>, would you have anytime to
look into this?
|
@firien I'm running your fix in a local build of devongovett/pdfkit, and it has removed the unsafe-eval warnings, but it's taking many (guessing at least 10) times longer to generate the pdf. Did you notice any significant performance degradation in your usage? |
I actually don't use it in production; I still use an older But, I just wired it up and didn't notice any difference in speed. Although I am generating very small PDFs, both versions were taking ~300ms. I can see how making an Array and reducing it may generate some overhead. @devongovett would know better than I if this function is cache-able. |
Thanks for checking. I believe it to be a problem with my local build process. |
+1 |
From initial PR:
According to @ArthurClemens, the answer is: it can be a property chain. There should probably be some local tests for this. |
updated for es6 |
@devongovett, this PR has been updated for ES6, can you please review it? Any feedback would be appreciated. |
Closing in favor of #34. This is an API change though, so it'll be a major version bump. |
new Function may violate some sites' Content Security Policy which can disable evals. All tests are passing, but I don't know if you want to replicate the conditional existence of these functions and throw errors. For instance throw an error if relativeToGetter is called and @options.relativeTo is not defined.
I'm also not sure what is allowed as @type for VersionedStruct - is it always a string representing a single property? or can it be a chain like @options.relativeTo on Pointer
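
One way to resolve a property chain without new Function, so the lookup runs under a CSP that does not allow unsafe-eval. This is an added example, not code from this PR or the library; compilePath, resolvePath and the sample context are hypothetical names. It splits each chain once and caches the result, and throws when an intermediate value is not defined.

```javascript
// CSP-safe property-chain lookup: the chain string is only split and used
// as keys, never compiled or executed.
// All names below are hypothetical and chosen for this example.

const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);
const pathCache = new Map(); // chain string -> array of keys, split once

function compilePath(chain) {
  let keys = pathCache.get(chain);
  if (!keys) {
    keys = chain.split('.');
    for (const key of keys) {
      // Accept plain identifiers only and refuse keys that lead to
      // prototypes or the Function constructor.
      if (!/^[A-Za-z_$][\w$]*$/.test(key) || BLOCKED.has(key)) {
        throw new Error(`Invalid property chain: ${chain}`);
      }
    }
    pathCache.set(chain, keys);
  }
  return keys;
}

function resolvePath(ctx, chain) {
  return compilePath(chain).reduce((obj, key) => {
    if (obj === null || obj === undefined) {
      throw new Error(`Cannot read "${key}" while resolving "${chain}"`);
    }
    return obj[key];
  }, ctx);
}

// Constructed sample context standing in for a structure being decoded.
const sampleCtx = {
  version: 2,
  parent: { header: { version: 1, offset: 64 } },
};

function demo() {
  return {
    single: resolvePath(sampleCtx, 'version'),
    chained: resolvePath(sampleCtx, 'parent.header.offset'),
  };
}
```

The cache keeps the per-call cost to a Map lookup plus the reduce, which is the part of the approach the performance question in the thread is about.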