Does it work with CSP `unsafe-eval`?

hyperjump-io / json-schema

JSON Schema Validation, Annotation, and Bundling. Supports Draft 04, 06, 07, 2019-09, 2020-12, OpenAPI 3.0, and OpenAPI 3.1

https://json-schema.hyperjump.io/

MIT License

216 stars 22 forks source link

Does it work with CSP `unsafe-eval`? #35

Closed silverwind closed 1 year ago

silverwind commented 1 year ago

Does this module would work with unsafe-eval?

If it does, this info should be added as a feature in the README, because it would be a major benefit compared to similar modules which require unsafe-eval, like these ones:

ajv: https://github.com/ajv-validator/ajv/issues/406
schemasafe: https://github.com/ExodusMovement/schemasafe/issues/153

jdesrosiers commented 1 year ago

I haven't actually tried it myself, but there's no reason this package shouldn't work with unsafe-eval. There's no code that evaluates strings as JavaScript anywhere in this package.

silverwind commented 1 year ago

Right, that sounds promising. If there are none of the 5 constructs mentioned on MDN in the codebase, you can be sure it will work.

jdesrosiers commented 1 year ago

I can confirm that none of those 5 constructs are used.

silverwind commented 1 year ago

Good enough for me, thanks 👍.