The Function constructor is not allowed in browser context when a safe CSP is used (without unsafe-eval). For example, it prevents the usage of Plotly with a safe CSP because it uses this package: plotly/plotly.js#897
If a content security policy is in place, note that dsv.parse requires unsafe-eval in the script-src directive, due to the (safe) use of dynamic code generation for fast parsing. (See source.) Alternatively, use dsv.parseRows.
Maybe a replacement for dsv.parse (e.g. dsv.parseSafe) should be given?
https://github.com/d3/d3-dsv/blob/master/src/dsv.js#L8
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function
https://github.com/d3/d3-dsv#content-security-policy
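As an added example (not code from this issue or from d3-dsv): one way to get dsv.parse-style objects under a CSP without unsafe-eval is to call dsv.parseRows, as the quoted README text suggests, and build the objects in a plain loop instead of with the Function constructor. The helper name rowsToObjects is hypothetical, and the input is assumed to be the array of arrays that parseRows returns, header row first.

```javascript
// Added example: builds dsv.parse-style row objects without dynamic code
// generation, so it runs under a script-src policy that omits 'unsafe-eval'.
// rowsToObjects is a hypothetical helper name, not part of d3-dsv.
function rowsToObjects(rows, convert) {
  const out = [];
  out.columns = [];
  if (!Array.isArray(rows) || rows.length === 0) return out;

  // First row is the header; keep it on the result like a parsed table.
  const columns = rows[0].map(String);
  out.columns = columns;

  for (let r = 1; r < rows.length; r++) {
    const fields = rows[r];
    // Null-prototype object: a header such as "__proto__" or "constructor"
    // becomes an ordinary key instead of interacting with Object.prototype.
    const obj = Object.create(null);
    for (let c = 0; c < columns.length; c++) {
      // Short rows get "" for missing fields (a choice made for this example).
      obj[columns[c]] = c < fields.length ? fields[c] : "";
    }
    // Optional per-row conversion; returning null or undefined drops the row.
    const row = convert ? convert(obj, r - 1, columns) : obj;
    if (row != null) out.push(row);
  }
  return out;
}

// Constructed sample: the shape parseRows would yield for a small CSV file.
const sampleRows = [
  ["name", "count", "__proto__"],
  ["alpha", "1", "x"],
  ["beta", "2"], // short row: last field missing
];

const parsed = rowsToObjects(sampleRows, (d) => {
  d.count = Number(d.count); // type conversion done in ordinary code
  return d;
});
```
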