? Success

User tests: Successful: Unsuccessful:

avatar J0WI
J0WI
30 Jun 2014

referring to issue #3837:

I'm using CSP on my server. Sadly, I have to allow unsafe-eval because of Joomla. There are more secure alternatives to eval():
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#Don.27t_use_eval.21
See also http://www.w3.org/TR/CSP/#script-src

avatar J0WI J0WI - open - 30 Jun 2014
avatar Bakual
Bakual - comment - 30 Jun 2014

Can you apply this change also to the file treeselectmenu.jquery.js. It contains the uncompressed code for the same thing.

avatar Fedik
Fedik - comment - 30 Jun 2014

@Bakual eval() does not exist in uncompressed version (just checked), but it in minified version for not clear purpose, very strange...

avatar J0WI
J0WI - comment - 30 Jun 2014

Exactly.
It's just another form of compression, but it's highly recommend to not use the eval() function if not really necessary. So now there are a few bytes more, but without making use of eval().

avatar Bakual
Bakual - comment - 30 Jun 2014

Ah. So the eval may have been applied by the compressing tool? Or was that manually added there?

avatar Fedik
Fedik - comment - 30 Jun 2014

yes, can be by the compressing tool, but I not know a tool that use such trick :smile:

avatar J0WI
J0WI - comment - 30 Jun 2014

This one uses exactly this function if you enable Base62 encode:
http://dean.edwards.name/packer/

avatar brianteeman brianteeman - change - 21 Aug 2014
Status New Pending
avatar nicksavov nicksavov - change - 21 Aug 2014
Labels Removed: ?
avatar J0WI J0WI - close - 13 Jan 2015
avatar J0WI
J0WI - comment - 13 Jan 2015

Closed by #3902

avatar J0WI J0WI - close - 13 Jan 2015
avatar J0WI J0WI - change - 13 Jan 2015
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2015-01-13 19:56:51
avatar J0WI J0WI - head_ref_deleted - 18 Jul 2015

Add a Comment

Login with GitHub to post a comment