- From: Eric Chen <eric.chen@sv.cmu.edu>
- Date: Thu, 19 Jul 2012 10:54:43 -0700
- To: John J Barton <johnjbarton@johnjbarton.com>
- Cc: public-webappsec@w3.org
Received on Thursday, 19 July 2012 17:55:10 UTC
Hi John: On Thu, Jul 19, 2012 at 10:45 AM, John J Barton <johnjbarton@johnjbarton.com > wrote: > Hi. I was looking into converting my application to use CSP when I learned > that neither eval nor new Function() are allowed. I have a large > application that uses these features to compile JS at runtime. I am > wondering what alternatives are available. > You can use 'unsafe-eval' to allow eval -- -Eric
Received on Thursday, 19 July 2012 17:55:10 UTC