external-repos/squoosh
1
0
Fork 1
mirror of https://github.com/GoogleChromeLabs/squoosh.git synced 2025-11-15 18:19:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enabled unsafe eval

Browse Source
This commit is contained in:
maudnals
2021-12-23 09:29:04 +01:00
parent 8a860f285c
commit 8aeea1dc04
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/static-build/utils.tsx
View File

@@ -35,7 +35,9 @@ function addCspAsMetaTag(htmlString: string) {
// Hash inline scripts from this html file, if there are any // Hash inline scripts from this html file, if there are any
const scriptHashes = s.hashAllInlineScripts(); const scriptHashes = s.hashAllInlineScripts();
// Generate a strict CSP as a string // Generate a strict CSP as a string
const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true); // enableTrustedTypes: false, enableBrowserFallbacks: true
// enableUnsafeEval: true, to accomodate for uses of eval by emscripten. Enabling eval makes the CSP a bit less secure
const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true, true);
// Set this CSP via a meta tag // Set this CSP via a meta tag
s.addMetaTag(strictCsp); s.addMetaTag(strictCsp);
const htmlStringWithCsp = s.serializeDom(); const htmlStringWithCsp = s.serializeDom();