Secure dynamic JS compilation under CSP from John J Barton on 2012-07-19 (public-webappsec@w3.org from July 2012)

From: John J Barton <johnjbarton@johnjbarton.com>
Date: Thu, 19 Jul 2012 10:45:37 -0700
To: public-webappsec@w3.org
Message-ID: <CAFAtnWzmBThywOEg+M5_iN1h-_EOf5NsGrhNoKZGCTr29HU2og@mail.gmail.com>

Hi. I was looking into converting my application to use CSP when I learned
that neither eval nor new Function() are allowed. I have a large
application that uses these features to compile JS at runtime. I am
wondering what alternatives are available.

Thanks,
jjb

Received on Thursday, 19 July 2012 17:46:04 UTC