search

henrygd / bigpicture

Lightweight JavaScript image / video viewer. Supports Youtube, Vimeo, etc.
https://henrygd.me/bigpicture
MIT License
818 stars 76 forks source link

Content Security Error - refused to evaluate string #48

Closed jantimon closed 4 years ago

jantimon commented 4 years ago

Hey @henrygd

we are testing bigpicture together with Content Security Policy (CSP)

Unfortunately CSP refuses to execute this line:

https://github.com/henrygd/bigpicture/blob/68cc9220c971f9f3d745ae6bb5ec8a175561b836/index.js#L656-L657

The reason is that animationEnd is undefined.
Would it be possible to wrap this call with an if or to set animationEnd to a noop function?

secutiry
jantimon commented 4 years ago

Thank you so much! 👍

Just one question why do you store the result of setTimout (a number) in a function variable?

henrygd commented 4 years ago

No problem. It's just stored so we can stop the function from running if the container is closed before the animation ends.

https://github.com/henrygd/bigpicture/blob/master/src/BigPicture.js#L696