epam / ketcher

Web-based molecule sketcher
https://lifescience.opensource.epam.com/ketcher/demo.html
Apache License 2.0

Content Security Policy - "unsafe-eval" #853

Open onoufriosm opened 2 years ago

onoufriosm commented 2 years ago

Steps to Reproduce
Add a CSP (in your HTML entry file) that doesn't allow 'unsafe-eval'.

Expected behavior
Does not throw a CSP error.

Actual behavior
Throws a CSP error:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script

Additional context
I've tracked this down to ketcher-standalone/src/generate/libindigo.js line 1230. Specifically, new Function will cause this.

Don't have enough context to make a change to this, but essentially new Function should go away; otherwise CSP won't let it run.

onoufriosm commented 2 years ago

(My workaround for the moment is loading ketcher in an iframe but would be nice to use the React component directly)

AllaZhbanova commented 2 years ago

related https://github.com/epam/Indigo/issues/567

AndreiMazol commented 2 years ago

Moved to 2.5 cc: @AllaZhbanova

martinuncountable commented 1 year ago

@AndreiMazol @AllaZhbanova

My understanding is that if we introduce an option for the ketcher-core/react package to compile the AJV validation schemas at build time, that will remove the unsafe-eval dependency.

Is this something being actively worked on?

ahmepham commented 10 months ago

@martinuncountable Do you have any update on this? It is currently blocking my ability to use ketcher in my app, which is a bummer since ketcher is a very nice library.

martinuncountable commented 3 months ago

> @martinuncountable Do you have any update on this? It is currently blocking my ability to use ketcher in my app, which is a bummer since ketcher is a very nice library.

Yes we have forked Ketcher to use json-schema instead. We are working on creating a PR here to merge upstream.