I'm using CSP on my server. Sadly, I have to allow unsafe-eval because of Joomla. There are more secure alternatives to eval():
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#Don.27t_use_eval.21
See also http://www.w3.org/TR/CSP/#script-src
Yep, thirdparties should be handled by them directly.
I'm closing this issue since you now did a PR (which has its own issue).
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-06-30 06:30:17 |
Labels |
Added:
?
|
Since you seem to be familiar with the topic and know how to improve the code, may I ask you to create a Pull Request?