ttag is using new Function on making plural strings against CSP

ttag-org / ttag

:orange_book: simple approach for javascript localization

https://ttag.js.org/

MIT License

337 stars 40 forks source link

ttag is using new Function on making plural strings against CSP #261

Open kymtwyf opened 1 year ago

kymtwyf commented 1 year ago

to make the plural function:

function makePluralFunc(pluralStr) {
  /* eslint-disable no-new-func */
  var fn = fnCache[pluralStr];

  if (!fn) {
    fn = new Function('n', 'args', pluralFnBody(pluralStr));
    fnCache[pluralStr] = fn;
  }

  return fn;
}

the above code uses the new Function which validates againt Content Security Policy of browsers. How can I mitigate this usage ?

vovkvlad commented 4 months ago

Any updates on this? Facing the same issue with CSP violation in our repo, and struggling to come up with an idea how to solve it.

Thnx