CSP violations due to use of new Function() #258
Comments
|
Hmm, I didn't know |
|
Ah sorry - have updated to the actual issue (js-data/js-data-angular#242) |
|
My proposed fix is to add a flag that forces the library to not execute the code that raises the CSP violation warning. Is that sufficient? |
|
@nealedj Thoughts? |
|
Sorry @jmdobry - was going to give that a test today but haven't got round to it yet. The fix looks perfect though. |
jmdobry
added a commit
that referenced
this issue
Nov 4, 2015
|
Just to follow up - tested this and it works great. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It looks like
new Function()is used hereIt appears to be handled within the
try/catchbut it still raises a CSP violation in the browser.It'd be most excellent if there was a setting where this could be disabled and the fallback behaviour was always used. I see that this was suggested in this issue.
Thanks!
The text was updated successfully, but these errors were encountered: