totaljs / Tangular

A simple JavaScript template engine like Angular.js for websites or node.js
MIT License
61 stars, 21 forks

Security policy not passing #17

Open ptorrent opened 1 month ago

ptorrent commented 1 month ago

Hello,

We're using a security header (Content-Security-Policy) on the page and we don't allow unsafe-eval. I see that there is a "new Function" in your code that is blocked by this header...

Refused to evaluate a string as JavaScript because 'unsafe-eval'

Is there a way to change the new Function call?

petersirka commented 1 month ago

Hi. I don't see any workarounds for this case. Tangular compiles the input text into a function. So in this case, it is not possible to use Tangular and our platform (most functionality uses new Function evaluation).

ptorrent commented 1 month ago

OK, thanks a lot for your message! I will find a workaround. Maybe you should care about that... a lot of websites are using CSP with inline scripts not allowed.

petersirka commented 1 month ago

I understand and will consider it, but this is the most powerful functionality available in dynamic languages for dynamic parts and components. It's solvable via a precompiled template, so the server must return the compiled function directly.
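The two options discussed in this thread, as an added example that is not Tangular's code: a toy `{{ name }}` compiler built on `new Function` (the call a CSP without `'unsafe-eval'` refuses), the same generator used for the server-side precompilation petersirka mentions, an interpreter that needs no code generation at all, and a small check of a CSP header value. The `templates` registry name and the placeholder syntax are assumptions for the example.

```javascript
// Added example (not Tangular's code): why a CSP without 'unsafe-eval'
// breaks eval-style template compilers, and two ways to stay compatible.

const PLACEHOLDER = /\{\{\s*([A-Za-z_$][\w$]*)\s*\}\}/;

// Turn template text into the body of a JS function: literal text becomes
// string literals, {{ key }} becomes an escaped model lookup.
function templateToSource(template) {
  const parts = template.split(PLACEHOLDER); // odd indexes are placeholder keys
  const chunks = parts.map((p, i) =>
    i % 2 === 1 ? 'esc(model[' + JSON.stringify(p) + '])' : JSON.stringify(p));
  return 'return ' + chunks.join(' + ') + ';';
}

// 1. Runtime compilation in the style the thread describes. A page served with
//    `Content-Security-Policy: script-src 'self'` refuses this `new Function`.
function compileWithNewFunction(template) {
  return new Function('model', 'esc', templateToSource(template));
}

// 2a. Precompile on the server and ship the generated source as an ordinary
//     script, so it loads under 'self' or a nonce like any other script.
//     `templates` is an assumed registry object on the page.
function precompileModule(name, template) {
  return 'templates[' + JSON.stringify(name) + '] = function (model, esc) { ' +
    templateToSource(template) + ' };';
}

// 2b. Interpret the template at runtime without generating any code.
function renderWithoutEval(template, model, esc) {
  return template.replace(new RegExp(PLACEHOLDER.source, 'g'),
    (_, key) => esc(model[key]));
}

// HTML escaping so model values cannot inject markup into the output.
function esc(v) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(v == null ? '' : v).replace(/[&<>"']/g, c => map[c]);
}

// Does this CSP header value permit eval-style APIs? script-src governs it,
// falling back to default-src when script-src is absent.
function cspAllowsEval(header) {
  const directives = Object.fromEntries(header.split(';').map(d => {
    const [name, ...vals] = d.trim().split(/\s+/);
    return [name, vals];
  }));
  const src = directives['script-src'] || directives['default-src'] || [];
  return src.includes("'unsafe-eval'");
}
```

In a browser tab whose CSP lacks `'unsafe-eval'`, `compileWithNewFunction` throws the "Refused to evaluate a string as JavaScript" error quoted above, while the output of `precompileModule` served as a static file and `renderWithoutEval` both work.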