downgrade regenerator-runtime due to unsafe eval usages #1062
Commits on Sep 4, 2020
-
Remove use-strict from js non modern js bundle
By default, rollup bundles js in strict mode. When regenerator-runtime is included in use-strict mode, they use a Function() call (which is like a slightly safer eval()) to initialize things. Specifically ```js Function("r", "regeneratorRuntime = r")(runtime); ``` Removing use-strict mode lets regenerator runtime init without any unsafe evals. Because strict mode javascript is a subset of regular javascript, this should not break any code. AFAIK there is no way to require a script tag to be in 'use strict' mode. T=https://yextops.zendesk.com/agent/tickets/347915 TEST=manual tested with a local apache httpd server added below line to .htaccess, which sets the CSP to the same as Syncreon also test csp with a `<meta>` tag tested both answers.js and answers.min.js
Commits on Sep 9, 2020
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.