简体繁体中英

block eval() in CSP header Angular 8 project

原文 2021-02-10 12:02:56 5 1 javascript/ angular/ eval/ content-security-policy

Can I block the eval function in CSP-Header for a Angular project (when I don't use it directly) or a there any side effects which would lead to errors when the project is deployed?

Thanks

1 answers

If you set the default-src or script-src directives eval will be blocked unless you allow it with 'unsafe-eval'. If eval, setTimeout, setInterval or new Function is being called in any script it will be blocked. If you are concerned that something may break run Content-Security-Policy-Report-Only for a while and check the reports that are sent.

Content Security Policy (CSP) block eval method call

Why CSP header block jQuery on dev server, but work on localhost?

Javascript CSP Block

Self-project and CSP

Block eval && new Function

What are the eval()-related functions to be avoided when CSP is enabled?

CSP unsafe-eval using Google Maps API

eval gets executed even thought ng-csp directive is used

CSP: How to allow unsafe-eval for a given URI prefix (Firefox)

CSP safe usage of 'unsafe-inline' 'unsafe-eval'

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Content Security Policy (CSP) block eval method call Why CSP header block jQuery on dev server, but work on localhost? Javascript CSP Block Self-project and CSP Block eval && new Function What are the eval()-related functions to be avoided when CSP is enabled? CSP unsafe-eval using Google Maps API eval gets executed even thought ng-csp directive is used CSP: How to allow unsafe-eval for a given URI prefix (Firefox) CSP safe usage of 'unsafe-inline' 'unsafe-eval'

Related Tags

block eval() in CSP header Angular 8 project

Question

1 answers

solution1 0 ACCPTED 2021-02-10 14:03:39

solution1
0 ACCPTED 2021-02-10 14:03:39