Cannot be used in browser-based applications that set a CSP which disallows unsafe-eval

sagold / json-schema-library

Customizable and hackable json-validator and json-schema utilities for traversal, data generation and validation

MIT License

164 stars 19 forks source link

Cannot be used in browser-based applications that set a CSP which disallows unsafe-eval #39

Closed snoozbuster closed 12 months ago

snoozbuster commented 1 year ago

See https://github.com/lys-lang/node-ebnf/issues/48 for additional context. the ebnf package used by json-query cannot be used in browser-based applications with CSPs that restrict the use of eval.

snoozbuster commented 1 year ago

This has been fixed in node-enbf@1.9.1 - see here. Could json-query and this package be updated to pick up that updated version?

jaylinski commented 1 year ago

The latest version requires "@sagold/json-query": "^6.0.0" (https://github.com/sagold/json-schema-library/blob/v7.4.8/package.json#L86), which requires "ebnf": "^1.9.0" (https://github.com/sagold/json-query/blob/v6.0.0/package.json#L27). So this package already allows the updated ebnf-version to be installed.

One just has to update all npm dependencies.

sagold commented 1 year ago

Thank you both for this update. json-query and its ebnf dependency has been updated and published. A corresponding update of json-schema-library will follow.

sagold commented 1 year ago

With

json-schema-library@7.4.9 and
json-schema-library@8.0.0

dependencies use ebnf@1.9.1. Can you verify that this solves your issue?

Cheers. sagold