CSP issue in MDB.js code


Topic: CSP issue in MDB.js code

Bidhuri asked 2 years ago

There should not be CSP issue due to MDB.js file code

*_MDB.js file contain some piece of code that causes CSP issue *_

Note : I am using below version of code

Version: MDB Pro 4.20.0

ISSUE : Content Security Policy of your site blocks the use of 'eval' in JavaScript`

Below highlighted code is written at two places which cause this issue .

try { // This works if eval is allowed (see CSP) g = g || Function("return this")() || (1, eval)("this");} catch (e) { // This works if the window reference is available if ((typeof window === "undefined" ? "undefined" : _typeof(window)) === "object") g = window;}


kpienkowska staff answered 2 years ago

Thanks for letting us know, we will look into this.


Pr0udN3rd commented 2 years ago

This has been brought to your attention years ago but nothing seems to have happened since.

https://mdbootstrap.com/support/jquery/remove-eval-functions-from-code/


kpienkowska staff commented 2 years ago

That's not exactly true. jQuery package is a separate product with its own support team. We will fix this problem.


Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue
  • User: Free
  • Premium support: No
  • Technology: MDB Standard
  • MDB Version: MDB5 4.2.0
  • Device: Laptop
  • Browser: Chrome
  • OS: window
  • Provided sample code: No
  • Provided link: No
Tags