-
-
Notifications
You must be signed in to change notification settings - Fork 78.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v4 Modal transition (fade) violates CSP (script-src 'unsafe-inline') #17964
Comments
This is the cause of the problem (in reflow: function reflow(element) {
new Function('bs', 'return bs')(element.offsetHeight);
}, I'm trying to figure an alternative way to access the proper global object, without using the function constructor, unless you want to classify this as WontFix as well. |
I wonder, wouldn't something like this cause a reflow without creating a new function? reflow: function reflow(element) {
return element.offsetHeight;
}, |
That strange coding style might be a remnant from earlier drafts of v4 which used the Google Closure compiler, presumably to prevent that function from being optimized away completely. |
Modals with the .fade class trigger an error on show, causing the modal to fail to show and scripts to stop working requiring a page reload. This wasn't a problem in v3 and seems to be caused by the reflow function trying to eval() and inject javascript in the page.
Using branch v4-dev in a Meteor app.
The text was updated successfully, but these errors were encountered: