search

lephyrus / ngx-translate-messageformat-compiler

Advanced pluralization (and more) for ngx-translate, using standard ICU syntax which is compiled with the help of messageformat.js.
MIT License
93 stars 29 forks source link

CSP 'unsafe-eval' required #114

Open jeandat opened 8 months ago

jeandat commented 8 months ago

Hey there, Is it still really necessary?

Others libraries like ngx-translate-parser-plural-select don't need it.

It would be better if unsafe-eval requirement could be removed for security reasons. For instance, in my project, this is the only lib that forces me to allow unsafe-eval.

lephyrus commented 7 months ago

It would be better if unsafe-eval requirement could be removed for security reasons.

Agreed. The reason why it's necessary is explained in the README. There's even a link there that allows you to dig into it, if you're interested.

Have a look at #48 for an alternative approach that won't require unsafe-eval. I don't currently have the interest (or spare time) to look into that more.