by andersmurphy
432 days ago
Please don't cargo cult CSP without understanding it. unsafe-eval constrained to function constructors without inline scripts is only a concern if you are rendering user submitted HTML (most common case I see is markdown). Regardless of your CSP configuration you should be sanitizing that user submitted HTML anyway.