This repository was archived by the owner on Sep 25, 2021. It is now read-only.
This repository was archived by the owner on Sep 25, 2021. It is now read-only.
Avoid using new Function() #47
Open
Description
The new Function(...)
, user here: https://github.com/blueimp/JavaScript-Templates/blob/master/js/tmpl.js#L24
is a bad practice, and disabled by default if using Content Security Policy (see here)
Can this be replaced? Otherwise who uses CSP must add unsafe-eval
to use this library, allowing potential secutiry vulnerabilities.
Metadata
Metadata
Assignees
Labels
No labels