-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unnecessary eval prevents execution in CSP environment #121
Comments
JamesCullum
added a commit
to JamesCullum/json-forms
that referenced
this issue
Mar 13, 2018
See issue brutusin#121
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The script uses the command
eval
in line 1242. As far as I can see, this command is useless, as there are no other variables that require this function.However, usage of the
eval
command collides with Content-Security-Policies. Those usually deny this command and will block of the data insertation. Allowing this command will allow it everywhere and contradicts the purpose of CSP.Minor changes in the following PR will remove this command and allows it to run successfully in a CSP controlled environment.
The text was updated successfully, but these errors were encountered: