-
Notifications
You must be signed in to change notification settings - Fork 6
Open
Description
Currently this (great) addon uses unsafe code evaluation here, so it cannot be used on sites without specifying Content-Security-Policy script-src 'unsafe-eval' ....; This is a no go in applications with higher security requirements.
Ideally we could find a way to refactor the code to not use evaluation.
I'm sure there was a good reason to use eval in the first place, rather than static code, but I'm not sure what those are. Do you remember @mydea ?
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels