-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question about eval and CSP #42
Comments
We actually forgot to add support for string parameter in var context = new JSContext();
context[KeyStrings.eval] = new JSFunction((in Arguments a) => throw context.NewTypeError("Not supported"));
context["Function"] = new JSFunction((in Arguments a) => throw context.NewTypeError("Not supported")); Let me know if you face some issue. |
Hello,
Using version 1.1.220. |
I have added var context = new JSContext();
context.EvalEvent += (s, e) => throw context.NewTypeError("Eval not supported"); This should work. This event will be fired in |
Hi @ackava, this helped. Many thanks. |
We are happy that we were able to help you, please do not forget to put star and please promote our Engine on social media and on your blog when you get a chance. |
Hello,
I've got a tiny question (or feature request). Is there a way to enforce CSP when executing script using Yantra?
E.g. consider the following code:
returns undefined.
I am wondering if there is a way to configure yantra to throw an exception when doing dynamic JavaScript evaluation, e.g.
eval(str)
,new Function(str)()
or string arguments forsetTimeout
andsetInterval
functions?Many thanks.
The text was updated successfully, but these errors were encountered: