soundar24
commented
4 years ago @aopell great.. I will merge the changes and include in the new version.. thanks
Closed aopell closed 4 years ago
soundar24
commented
4 years ago @aopell great.. I will merge the changes and include in the new version.. thanks
soundar24
commented
4 years ago @aopell these changes was included with the version 1.4.1.
You can check with the below updated source: Production: https://cdn.jsdelivr.net/npm/round-slider@1.4.1/dist/roundslider.min.js Development: https://cdn.jsdelivr.net/npm/round-slider@1.4.1/src/roundslider.js
So you can use this updated version in your project. thanks...
aopell
commented
4 years ago Thank you very much for being so responsive!
I'm using this library in a project where the Content Security Policy is not allowed to contain
unsafe-eval, so I investigated why this library needs to callevaland modified the two offending lines to useparseFloatinstead, which is safer from a security point of view.The
evallines were evaluating simple math expressions from a string such aseval("90+360")oreval("45-180"), so I modified it to instead add the first number with a parsed float from the sign and the second number. The previous examples would be evaluated as90 + parseFloat("+360")and45 + parseFloat("-180")respectively with the new method.