hhff
commented
9 years ago Good catch @williscool - just fixed that here: https://github.com/hhff/spree-ember/commit/7280245b8b3c83d9b4ae38f90e3d9238294877e5
Should have that PR merged by Saturday.
Closed williscool closed 9 years ago
hhff
commented
9 years ago Good catch @williscool - just fixed that here: https://github.com/hhff/spree-ember/commit/7280245b8b3c83d9b4ae38f90e3d9238294877e5
Should have that PR merged by Saturday.
williscool
commented
9 years ago nice
So
https://github.com/hhff/spree-ember/blob/fix/better-checkout-architecture/packages/checkouts/addon/mixins/checkouts.js#L164
Means that users would have to set csp for scripts to
'unsafe eval'http://www.html5rocks.com/en/tutorials/security/content-security-policy/#eval-too
Any chance that code could be rewritten to only take the state as a string and not be an eval?