v4 Modal transition (fade) violates CSP (script-src 'unsafe-inline') #17964
Milestone
Comments
|
This is the cause of the problem (in reflow: function reflow(element) {
new Function('bs', 'return bs')(element.offsetHeight);
},I'm trying to figure an alternative way to access the proper global object, without using the function constructor, unless you want to classify this as WontFix as well. |
|
I wonder, wouldn't something like this cause a reflow without creating a new function? reflow: function reflow(element) {
return element.offsetHeight;
}, |
|
That strange coding style might be a remnant from earlier drafts of v4 which used the Google Closure compiler, presumably to prevent that function from being optimized away completely. |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Modals with the .fade class trigger an error on show, causing the modal to fail to show and scripts to stop working requiring a page reload. This wasn't a problem in v3 and seems to be caused by the reflow function trying to eval() and inject javascript in the page.
Using branch v4-dev in a Meteor app.
The text was updated successfully, but these errors were encountered: