No announcement yet.
  • Filter
  • Time
Clear All
new posts

  • Isomorphic
    This is not a supported setting, as it would cripple the software and make many key features impossible.

    It is also a useless setting, as there are many other ways of doing an unsafe eval() without calling the eval function per se.

    If you believe the framework contains any unsafe evals, please submit a test case showing how they can be exploited.

    Leave a comment:

  • pchawla
    started a topic Content Security Policy -unsafe eval

    Content Security Policy -unsafe eval

    We have a requirement where we want to remove "unsafe-eval" from CSP header for security concerns. On removing unsafe-eval from "script-src" directive in CSP header, isomorphic code breaks in ISC_Core.js because we are using new Function() in that file. Do we have support in isomorphic to achieve the same?