// inline partial in a template
const a = Ractive.parse(`{{#partial a}}{{1 + 2}}{{/partial}}`, { csp: true });
// look for the expression converted as function in `e`
console.info(a.e) // undefined – doesn't work
// plain template
const b = Ractive.parse(`{{1 + 2}}`, { csp: true });
console.info(b.e) // {1+2: function() {...} } – works just fine
Issue also appears with partials pre-rendered separately, or imported from other components (ex. via Ractive.extend(...)).
Description:
Partials (inline or pre-parsed) cannot be used on environments that enforce a strict Content Security Policy (CSP).
It turns out that only the expressions in templates are successfully pre-converted to functions.
I worked together with @marcalexiei on this issue. A full list of test-cases, along with a patch, will be provided shortly in a related pull-request.
Versions affected:
1.0.x
Platforms affected:
all pages that enforce a strict CSP policy (ex. Chrome extensions)
Reproduction:
JSFiddle
Issue also appears with partials pre-rendered separately, or imported from other components (ex. via
Ractive.extend(...)).