Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Are you using eval? #6

Open
linonetwo opened this issue Feb 9, 2020 · 3 comments
Open

Are you using eval? #6

linonetwo opened this issue Feb 9, 2020 · 3 comments

Comments

@linonetwo
Copy link

I got this:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-iEsD2if45rrVbpVQzGD2Cw=='".
@tdelmas
Copy link

tdelmas commented Feb 16, 2020

Is is, with the Function syntax: https://github.com/mikolalysenko/box-intersect/blob/master/lib/brute.js#L138

@linonetwo
Copy link
Author

Maybe use something like patriksimek/vm2#85

@tdelmas tdelmas mentioned this issue Feb 16, 2020
Closed
@tdelmas
Copy link

tdelmas commented Feb 16, 2020

I don't think vm2 will help websites to use safe CSP with this project, also it may harm performances. Maybe an option could specify if we want to switch between the fast generated function, or a not-generated-function if the maintainer really want to keep the generated function?

@mikolalysenko are you interested in a PR to solve that problem? I really think it's important to allow websites to use a strong CSP.

@chejimmy chejimmy mentioned this issue May 31, 2023
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tdelmas @linonetwo