You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using synaptic in a third-party product on the client side (basically a our code is being injected to our client's website).
We encountered an issue with a website that uses CSP (Content-Security-Policy) and does not allow 'unsafe-eval'.
Eval includes all method of executing string through javascript code:
eval('var x = 1');
new Function('var x = 1');
It seems that the library is using 'new Function' in couple of places.
After further investigation I realized that this code can be refactored to not use 'new Function' but native code.
I can help fixing this issue, I just want to know if there is a "real" reason for using this method rather than an actual code.
The text was updated successfully, but these errors were encountered:
I'm using synaptic in a third-party product on the client side (basically a our code is being injected to our client's website).
We encountered an issue with a website that uses CSP (Content-Security-Policy) and does not allow 'unsafe-eval'.
Eval includes all method of executing string through javascript code:
It seems that the library is using 'new Function' in couple of places.
After further investigation I realized that this code can be refactored to not use 'new Function' but native code.
I can help fixing this issue, I just want to know if there is a "real" reason for using this method rather than an actual code.
The text was updated successfully, but these errors were encountered: