Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use of eval() in dimension-handler.js requires undesirable CSP script-src 'unsafe-eval' #74

Closed
jptrainor opened this issue May 13, 2016 · 0 comments · Fixed by #151
Closed

use of eval() in dimension-handler.js requires undesirable CSP script-src 'unsafe-eval' #74

jptrainor opened this issue May 13, 2016 · 0 comments · Fixed by #151
Labels
enhancement Update-Quarterly web-animations

Comments

@jptrainor
Copy link

The dimension-handler.js code uses eval(). Is there anyway other it can be implemented? It prevents use of script-src 'unsafe-eval' as part of a Content-Security-Policy.

I found this in a polymer application that is deployed in an iOS WKWebView. The paper-drop-down menu animates something using this polyfill and it breaks badly due to the eval() failing as a result of an 'unsafe-eval' policy setting. It's a shame to have to remove 'unsafe-eval' just for sake of animation. I'd be okay with a slower animation if that's the trade off.
ewilligers pushed a commit to ewilligers/web-animations-js that referenced this issue Jul 18, 2017
@ericwilligers
Parse and evaluate calc expressions
ee288bd 
We no longer rely on 'eval'. Instead, we parse the calc expression
and compute the value.

We take advantage of the requirement that + and - operators must
be surrounded by whitespace. This lets us detect each of the five tokens
in -1.23e+45 + -1.23e+45 - -1.23e+45 using a simple regular expression.

Spec:
https://www.w3.org/TR/css3-values/#calc-syntax

resolves web-animations#74
@ewilligers ewilligers mentioned this issue Jul 18, 2017
Merged
ewilligers pushed a commit to ewilligers/web-animations-js that referenced this issue Jul 18, 2017
@ericwilligers
Parse and evaluate calc expressions
65721b0 
We no longer rely on 'eval'. Instead, we parse the calc expression
and compute the value.

We take advantage of the requirement that + and - operators must
be surrounded by whitespace. This lets us detect each of the five tokens
in -1.23e+45 + -1.23e+45 - -1.23e+45 using a simple regular expression.

Spec:
https://www.w3.org/TR/css3-values/#calc-syntax

resolves web-animations#74
ewilligers pushed a commit to ewilligers/web-animations-js that referenced this issue Jul 19, 2017
@ericwilligers
Parse and evaluate calc expressions
a081deb 
We no longer rely on 'eval'. Instead, we parse the calc expression
and compute the value.

We take advantage of the requirement that + and - operators must
be surrounded by whitespace. This lets us detect each of the five tokens
in -1.23e+45 + -1.23e+45 - -1.23e+45 using a simple regular expression.

Spec:
https://www.w3.org/TR/css3-values/#calc-syntax

resolves web-animations#74
ewilligers pushed a commit to Motion-Path-Polyfill/web-animations-js that referenced this issue Jul 21, 2017
@ericwilligers
Parse and evaluate calc expressions
c7fd20a 
We no longer rely on 'eval'. Instead, we parse the calc expression
and compute the value.

We take advantage of the requirement that + and - operators must
be surrounded by whitespace. This lets us detect each of the five tokens
in -1.23e+45 + -1.23e+45 - -1.23e+45 using a simple regular expression.

Spec:
https://www.w3.org/TR/css3-values/#calc-syntax

resolves web-animations#74
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Update-Quarterly web-animations
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Parse and evaluate calc expressions ewilligers/web-animations-js
3 participants
@suzyh @jptrainor @alancutter