W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2012

Secure dynamic JS compilation under CSP

From: John J Barton <johnjbarton@johnjbarton.com>
Date: Thu, 19 Jul 2012 10:45:37 -0700
Message-ID: <CAFAtnWzmBThywOEg+M5_iN1h-_EOf5NsGrhNoKZGCTr29HU2og@mail.gmail.com>
To: public-webappsec@w3.org

Hi. I was looking into converting my application to use CSP when I learned
that neither eval nor new Function() are allowed. I have a large
application that uses these features to compile JS at runtime. I am
wondering what alternatives are available.

Thanks,
jjb

Received on Thursday, 19 July 2012 17:46:04 UTC

This message: [ Message body ]
Next message: Adam Barth: "Re: Secure dynamic JS compilation under CSP"
Previous message: Cameron Jones: "Re: Why the restriction on unauthenticated GET in CORS?"
Next in thread: Adam Barth: "Re: Secure dynamic JS compilation under CSP"
Reply: Adam Barth: "Re: Secure dynamic JS compilation under CSP"
Reply: Eric Chen: "Re: Secure dynamic JS compilation under CSP"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:59 UTC