TechQA.

Content Security Policy with google closure

128 views Asked by At

I am trying to enable CSP for my web application. My policy is something like:

"default-src 'self' gap: cdvfile:;"

I am using google closure for javascript. However without javascript optimization, My js is blocked because of :

goog.json.parse uses eval()

If I compile my code with closure compiler, there is no issue as in advance compile, eval() is not used. (JSON.parse is used)

I know, as a workaround, I can use sha256-..... or nonce=.....

Is there any other way, I can use CSP without using sha.. or nonce...

javascript json google-closure-compiler google-closure-library
Original Q&A
1

There are 1 answers

1
Chad Killingsworth On

I believe if you add goog.json.USE_NATIVE_JSON = true; to your code that it won't use eval.

Related Questions in JAVASCRIPT

Related Questions in JSON

Related Questions in GOOGLE-CLOSURE-COMPILER

Related Questions in GOOGLE-CLOSURE-LIBRARY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions