dojo / dojox

Dojo 1 - extras library. Please submit bugs to https://bugs.dojotoolkit.org/
https://dojotoolkit.org/

lang/functional/lambda.js Content Security Policy Violation (unsafe-eval) #312

Closed LangQian closed 4 years ago

LangQian commented 4 years ago

lang/functional/lambda.js makes use of Function(string), which causes unsafe-eval violations. On line 122, we have: return lcache[s] = new Function(l.args, "return (" + l.body + ");");

I'm currently using functionalities in dojox/charting and get unsafe-eval errors because it frequently calls the code above. For example, from line 47 to 52 in charting/Chart.js, we have: clear = func.lambda("item.clear()"), purge = func.lambda("item.purgeGroup()"), destroy = func.lambda("item.destroy()"), makeClean = func.lambda("item.dirty = false"), makeDirty = func.lambda("item.dirty = true"), getName = func.lambda("item.name")

According to Dojo 1.11 Release Notes, Dojo should be compliant with CSP since 1.11, does this only apply to Dojo core? If yes, will this issue be addressed in the near future? Thanks!

dylans commented 4 years ago

Hi @LangQian I think it's safe to say that parts of DojoX don't get enough use and this was missed. If you want to create a pull request to address this issue, I can land it in the next release. If not, we will get to it as soon as possible.

LangQian commented 4 years ago

Hi @dylans I believe the example I gave above was just the first error I hit, and there is far too much code calling it according to my brief investigation. Please forgive me if there is a simple way to address this, but as a noob to JavaScript, I think the only way to fix this is replacing every caller with a new corresponding function. Hence, I'm not sure if I have that much time to address all of them, given the project I'm working on right now. If the Dojo team can help address this, it will help a lot. Thanks!
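The following is an added illustration, not code from the dojox repository or from either commenter. It shows the two sides of the issue discussed above: a minimal stand-in (named `stringLambda`, an assumption, not the real dojox/lang/functional implementation) for compiling a lambda string with `Function()`, which a Content Security Policy without 'unsafe-eval' rejects at runtime, beside the CSP-safe rewrite of the Chart.js callers as ordinary function expressions. It also includes a small startup probe, `runtimeCodegenAllowed`, that lets an application detect whether runtime code generation is blocked before any lambda string is ever compiled.

```javascript
// Added example (not dojox code). Demonstrates why string lambdas violate a
// CSP that lacks 'unsafe-eval', and what the CSP-safe replacement looks like.

// Stand-in for the lambda(string) approach (assumed shape, not the dojox code):
// the body is turned into executable code at runtime with Function().
// Under "script-src 'self'" (no 'unsafe-eval') the browser throws an
// EvalError here; in Node without a CSP it simply works.
function stringLambda(body) {
  return new Function("item", "return (" + body + ");");
}

// CSP-safe equivalents of the Chart.js helpers quoted in the issue:
// plain function expressions are compiled with the script itself, so no
// runtime code generation happens and no 'unsafe-eval' allowance is needed.
const clear = function (item) { return item.clear(); };
const purge = function (item) { return item.purgeGroup(); };
const destroy = function (item) { return item.destroy(); };
const makeClean = function (item) { return (item.dirty = false); };
const makeDirty = function (item) { return (item.dirty = true); };
const getName = function (item) { return item.name; };

// Startup probe: is runtime code generation permitted in this environment?
// A strict CSP makes Function() throw, so an application can detect the
// condition early instead of failing inside a chart helper later.
function runtimeCodegenAllowed() {
  try {
    new Function("return 1");
    return true;
  } catch (e) {
    return false;
  }
}

// Apply a per-item helper to every element, mirroring how the chart code
// loops over series/plots with the helpers above.
function applyToAll(items, fn) {
  const results = [];
  for (const item of items) {
    results.push(fn(item));
  }
  return results;
}

// Constructed sample data standing in for chart series objects.
function sampleItems() {
  return [
    { name: "series-a", dirty: false, cleared: false,
      clear() { this.cleared = true; return this; },
      purgeGroup() { return "purged"; },
      destroy() { return "destroyed"; } },
    { name: "series-b", dirty: false, cleared: false,
      clear() { this.cleared = true; return this; },
      purgeGroup() { return "purged"; },
      destroy() { return "destroyed"; } },
  ];
}

// Runs the CSP-safe helpers over the sample and returns what happened.
function demo() {
  const items = sampleItems();
  applyToAll(items, clear);
  applyToAll(items, makeDirty);
  return {
    names: applyToAll(items, getName),
    allDirty: items.every((i) => i.dirty === true),
    allCleared: items.every((i) => i.cleared === true),
    codegen: runtimeCodegenAllowed(),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The CSP-safe helpers are drop-in replacements for the six lambda strings quoted from charting/Chart.js: each takes the item as its only argument, exactly as the string versions did, so the loops that call them need no change. The probe is useful as a guard in an application that must keep running under a strict policy, and as a unit test that fails loudly if a dependency reintroduces `Function()` or `eval`.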