-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot be used in a browser with a CSP set that does not include the unsafe-eval
permission
#48
Comments
Can you pin point the file including eval? From what I recall, this lib should not include it anywhere |
I included a link to the offending line in my OP. Parser.ts, line 276. There is a tslint-ignore comment directly above it to allow the use of it. It seems to be used exclusively to turn a JSON string into a JS string - for which JSON.parse would also work. |
If that's the case, it should certainly work. Will try from the github UI hoping the CI is still working. I didn't see the link from mobile, my bad |
Update: It seems like eval is used to handle both Do you have a fn that does that at hand? I'm juggling with various open fronts at the moment |
Would you test if |
I can't really... I was consuming this package as a part of json-schema-library, which itself uses this package as part of json-query. But if the eval is gone that will definitely solve the underlying problem |
Ok, will publish a patch. Tests are passing and are extensive |
Thanks! I'll see if I can get the downstream library I was trying to use to pick up the update. |
The usage of
eval
in Parser.ts prevents the library from being used in any browser-based application that disallows eval for security reasons. The error thrown is a generic "Cannot parse (valid grammar)" error, which may be the origin of the issue in #43.The text was updated successfully, but these errors were encountered: