Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#3837] - Replace eval() in JavaScript

?
avatar J0WI
J0WI
29 Jun 2014

I'm using CSP on my server. Sadly, I have to allow unsafe-eval because of Joomla. There are more secure alternatives to eval():
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#Don.27t_use_eval.21

See also http://www.w3.org/TR/CSP/#script-src

avatar J0WI J0WI - open - 29 Jun 2014
avatar Bakual
Bakual - comment - 29 Jun 2014

Since you seem to be familiar with the topic and know how to improve the code, may I ask you to create a Pull Request?

avatar J0WI
J0WI - comment - 30 Jun 2014

Created a pull request #3840. Other files are thirdparty (mootools, tinymce, json2.js). Should I contact them directly?

avatar zero-24 zero-24 - close - 30 Jun 2014
avatar Bakual
Bakual - comment - 30 Jun 2014

Yep, thirdparties should be handled by them directly.

I'm closing this issue since you now did a PR (which has its own issue).

avatar Bakual Bakual - change - 30 Jun 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-06-30 06:30:17
avatar Bakual Bakual - close - 30 Jun 2014
avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment