Closed aopell closed 4 years ago
@aopell great. I will merge the changes and include them in the new version. Thanks.
@aopell these changes were included in version 1.4.1.
You can check with the updated source below:
Production: https://cdn.jsdelivr.net/npm/round-slider@1.4.1/dist/roundslider.min.js
Development: https://cdn.jsdelivr.net/npm/round-slider@1.4.1/src/roundslider.js
So you can use this updated version in your project. Thanks.
Thank you very much for being so responsive!
I'm using this library in a project where the Content Security Policy is not allowed to contain `unsafe-eval`, so I investigated why this library needs to call `eval` and modified the two offending lines to use `parseFloat` instead, which is safer from a security point of view.

The `eval` lines were evaluating simple math expressions from a string such as `eval("90+360")` or `eval("45-180")`, so I modified it to instead add the first number with a parsed float from the sign and the second number. The previous examples would be evaluated as `90 + parseFloat("+360")` and `45 + parseFloat("-180")` respectively with the new method.
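The replacement described above, as an added example that is not part of the original pull request or the roundSlider source: it computes the same `a+b` / `a-b` strings without `eval`, so it runs under a Content Security Policy that omits `unsafe-eval`, and it rejects anything that is not two plain numbers. The names `SUM_PATTERN`, `parseSignedSum` and `tryParseSignedSum` are hypothetical, and the sample inputs are constructed.

```javascript
// Hypothetical helper names; not identifiers from roundSlider.
// Accepts only: <number> <+ or -> <number>, e.g. "90+360" or "45-180".
const SUM_PATTERN = /^\s*(-?\d+(?:\.\d+)?)\s*([+-])\s*(\d+(?:\.\d+)?)\s*$/;

function parseSignedSum(expr) {
  const m = SUM_PATTERN.exec(String(expr));
  if (m === null) {
    // Unlike eval, unexpected text is refused instead of being executed.
    throw new TypeError("not a simple a+b or a-b expression: " + JSON.stringify(expr));
  }
  const first = parseFloat(m[1]);
  // Same shape as the description: 90 + parseFloat("+360"), 45 + parseFloat("-180")
  return first + parseFloat(m[2] + m[3]);
}

// Non-throwing variant: returns null for rejected input.
function tryParseSignedSum(expr) {
  try {
    return parseSignedSum(expr);
  } catch (err) {
    return null;
  }
}

// Constructed sample inputs: two valid expressions, a negative first operand,
// a decimal pair, and two strings with trailing or non-numeric content.
const samples = ["90+360", "45-180", "-90+360", "1.5-0.5", "90+360;x", "90+abc"];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", tryParseSignedSum(s));
}
```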