stackoom
  简体   繁体   中英

How to get unsafe-eval compliant Fabric js and lodash js

 原文  2017-11-17 13:00:41       javascript/ angular/ lodash/ fabricjs/ websecurity

Question

Using lodash and fabric js in my application but both are not as per Content Security Policy (CSP).

Showing error as: 

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' ".

Is there any way to get CSP compliant lodash and fabric js both?

1 answers

solution1
 1 ACCPTED  2017-11-22 09:21:10

The new default build of fabricJS has removed named accessors to get rid of some eval.

Fabric cannot be built yet eval safe since patterns and clipTo are not removable.

We are working on it to remove all the functionalities that require code restoring from string and swapping them with something similar but without eval

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Content Security Policy 'unsafe-eval': How to avoid using eval() in javascript jquery.timer.js? chrome packaged app doesn't allows unsafe-eval in knockout.js 'unsafe-eval' on chrome extension Google Charts unsafe-eval CSP: How to allow unsafe-eval for a given URI prefix (Firefox) 'unsafe-eval' is not an allowed source of script Adding 'unsafe-eval' to existing chrome extension CSP safe usage of 'unsafe-inline' 'unsafe-eval' How to fix "unsafe-eval" error with Vue3 for the client-side version? How to fetch JavaScript from server, track download progress, and not use `unsafe-eval` in Content-Security-Policy?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM