search

surveyjs / survey-library

Free JavaScript form builder library with integration for React, Angular, Vue, jQuery, and Knockout.
https://surveyjs.io/form-library
MIT License
4.2k stars 810 forks source link

csp policy with survey-angular #4331

Closed gawielgo closed 2 years ago

gawielgo commented 2 years ago

I cloned the library developed in native angular, everything works perfectly, the only problem is that adding the following csp policy:

meta http-equiv="Content-Security-Policy" content="script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; object-src 'none';base-uri 'none';"

as google's csp evaluator recommends, but I encounter the problem shown in the figure:

Cattura

Are you requesting a feature, reporting a bug or asking a question?

a bug

What is the current behavior?

the error shown in the figure

What is the expected behavior?

no errors with the csp policy

How would you reproduce the current behavior (if this is a bug)?

deploying an angular project in which the survey-angular library has been installed and where the recommended csp policy tag has been inserted

Specify your

andrewtelnov commented 2 years ago

@gawielgo We are using knockout for rendering in 'survey-angular'. We are working on Angular rendering right now. It is probably that we will have Angular rendering and "survey-angular-ui" package in couple months. It will not have this issue. Knockout templates are parsed by using eval function (knockoutjs library). So, it is in our plans to have Angular rendering for SurveyJS Library and later for Survey Creator, as we do it for react. In fact, we are already working on it.

Thank you, Andrew

rizzaccio87 commented 2 years ago

@andrewtelnov are there any news about it? I installed the "survey-angular-ui" library (v 1.9.53) and I tried to use it: the CSP issue unsafe-eval doesn't seem to be anymore. I tried to use a component of the new library, but I did not find documentation about: where could I find it? When will a stable version of the "survey-angular-ui" library and survey creator be released? Thanks

tsv2013 commented 2 years ago

@rizzaccio87 We've released "survey-angular-ui" library several months ago and right now are preparing for the "survey-creator-angular" release. It's planned to be released in the month or so. You can track our social networks https://twitter.com/surveyjs and https://www.facebook.com/SurveyJS

rizzaccio87 commented 2 years ago

@tsv2013 the documentation refers to survey-angular npm package and not to the new library. Where could I find API documentation and examples of use for survey-angular-ui library? Thanks

tsv2013 commented 2 years ago

@rizzaccio87 You can find examples on our site - https://surveyjs.io/form-library/examples/nps-question/angular

tsv2013 commented 2 years ago

@rizzaccio87 I thought it's ready. But looks like it's under development for while. It will be available on the official Angular CreatorV2 release.