[BUG] Getting error while loading form using form-builder - unsafe-eval

[vinayrdy966]

• Hosting type
  • [x] Form.io
  • [ ] Local deployment
  • Version:
• Formio.js version: 4.19.4
• Frontend framework: angular
• Browser: all
• Browser version: latest

Steps to Reproduce

1. Just include this meta tag in index.html <meta http-equiv="content-security-policy" content="default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; media-src 'self' data: blob:; object-src 'self' data:; frame-src 'none'; upgrade-insecure-requests" />

angular template: <form-builder class="custom-form-builder" [form]="form" [options]="options"

[vinayrdy966]

If I replace this exiting code which is causing eval error in evaluator.js try { // Ensure we handle copied templates from the ejs files. _template = _template.replace(/ctx\./g, ''); return Evaluator.cache[hash] = _lodash["default"].template(_template, Evaluator.templateSettings); } catch (err) { console.warn('Error while processing template', err, _template); }

with this code I am able to resolve this issue. `try { _template = _template.replace(/ctx./g, ''); // Simple manual interpolation without using eval const context = { / context values / }; _template = _template.replace(/{{\s([^{}\s])\s*}}/g, (match, p1) => { return context[p1] || ''; });

Evaluator.cache[hash] = _template; return _template; } catch (err) { console.warn('Error while processing template', err, _template); }`