We're currently working on requiring a Google CASA Security Assessment; as part of this, they scanned our site.
However, the scan found an eval() function in the telerik-blazor.js file:
if(_util.isNodeJS){const worker=eval("require")(this.workerSrc);return worker.WorkerMessageHandler}
Is it possible to remove eval() from telerik-blazor.js?
Hi Matthijs,
Currently, our Blazor Spreadsheet is the only component that is not CSP compliant, as far as our own JavaScript source code is concerned. We are working to resolve this and you can follow: Make the Spreadsheet compliant with strict Content Security Policy (CSP).
The code that you are mentioning is from PDF.js, which is used by our PDF Viewer. As far as I can see, PDF.js version 3.11.174 is the last one that contains this eval() statement and we have already upgraded to version 4.3.136 in our internal code repository. This means that the offending code should disappear in our future releases.
For a possible immediate workaround, please refer to: How to rebuild telerik-blazor.js and remove some components
Regards,
Dimo
Progress Telerik