Holiday Notice: Support will be provided on a limited scale from December 24th, 2024, to January 2nd, 2025. Happy holidays and a wonderful New Year!


Topic: CSP issue in MDB.js code

Bidhuri free asked 1 year ago


There should not be CSP issue due to MDB.js file code

*_MDB.js file contain some piece of code that causes CSP issue *_

Note : I am using below version of code

Version: MDB Pro 4.20.0

ISSUE : Content Security Policy of your site blocks the use of 'eval' in JavaScript`

Below highlighted code is written at two places which cause this issue .

try { // This works if eval is allowed (see CSP) g = g || Function("return this")() || (1, eval)("this");} catch (e) { // This works if the window reference is available if ((typeof window === "undefined" ? "undefined" : _typeof(window)) === "object") g = window;}


Kamila Pieńkowska staff answered 1 year ago


Thanks for letting us know, we will look into this.


Pr0udN3rd free commented 1 year ago

This has been brought to your attention years ago but nothing seems to have happened since.

https://mdbootstrap.com/support/jquery/remove-eval-functions-from-code/


Kamila Pieńkowska staff commented 1 year ago

That's not exactly true. jQuery package is a separate product with its own support team. We will fix this problem.



Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue

  • ForumUser: Free
  • Premium support: No
  • Technology: MDB Standard
  • MDB Version: MDB5 4.2.0
  • Device: Laptop
  • Browser: Chrome
  • OS: window
  • Provided sample code: No
  • Provided link: No