Opened 4 years ago
Closed 4 years ago
#18960 closed defect (invalid)
ItemFileReadStore → xhr → fromJson → eval → Content-Security-Policy violation
Reported by: | Anders Kaseorg | Owned by: | |
---|---|---|---|
Priority: | undecided | Milestone: | tbd |
Component: | General | Version: | 1.12.1 |
Keywords: | Cc: | ||
Blocked By: | Blocking: |
Description
It seems that ItemFileReadStore
cannot work under a useful Content-Security-Policy, because it uses xhr
with handleAs: "json-comment-optional"
, which calls fromJson
, which is a wrapper around eval
(rather than a real JSON parser like json.parse
).
Can we just alias fromJson
to json.parse
? Or fix xhr
’s json
/json-comment-filtered
/json-comment-optional
handlers to use json.parse
?
Change History (2)
comment:1 Changed 4 years ago by
Status: | new → pending |
---|
comment:2 Changed 4 years ago by
Resolution: | → invalid |
---|---|
Status: | pending → closed |
Because we get so many tickets, we often need to return them to the initial reporter for more information. If that person does not reply within 14 days, the ticket will automatically be closed, and that has happened in this case. If you still are interested in pursuing this issue, feel free to add a comment with the requested information and we will be happy to reopen the ticket if it is still valid. Thanks!
The main reason this has not been addressed is that historically we try not break forwards compatibility with APIs.
So the right approach would have been to replace dojo/data to use dojo/request, but there was no way to do this without breaking the API, so instead only dojo/store and dstore rely on dojo/request.
Is there a reason that you cannot upgrade to use dstore/Memory, dstore/RequestMemory, or dojo/store/Memory (or dojo-smore/RequestMemory)?