|
|
|
|
|
|
by j13n
441 days ago
|
|
|
The linked post relies on the Datastar project, which requires use of `unsafe-eval` in one’s Content-Security-Policy [1]: > When using a Content Security Policy (CSP), unsafe-eval must be allowed for scripts, since Datastar evaluates expressions using an IIFE (Immediately Invoked Function Expression). The project itself links to Mozilla’s docs on CSP, which state: > The unsafe-eval keyword can be used to override this behavior, and as with unsafe-inline, and for the same reasons: developers should avoid unsafe-eval. Out of the box, htmx uses a similar approach, but one can disable this use of eval [2]: htmx.config.allowEval - can be set to false to disable all features of htmx that rely on eval:
- event filters
- hx-on: attributes
- hx-vals with the js: prefix
- hx-headers with the js: prefix
[1]: https://github.com/starfederation/datastar/blob/develop/site...[2]: https://htmx.org/docs/#configuration-options |
|
|