'unsafe-eval' is not an allowed source of script

[reckerswartz]

client_side_validations/coffeescript/rails.validations.coffee

Line 335 in b393a8b

tokenized_length = new Function('element', "return (element.val().#{tokenizer} || '').length")(element)

client_side_validations/coffeescript/rails.validations.coffee

Line 352 in b393a8b

fn = new Function("return #{tokenized_length} #{operator} #{options[check]}")

Above line of codes produces error

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive.

helpful links:-

• https://github.com/jamesallardice/jslint-error-explanations/blob/master/message-articles/function-constructor.md
• http://jslint.fantasy.codes/the-function-constructor-is-eval

Environment

• Version used: 11.1
• Browser Name and version: Google Chrome Version 64.0.3282.140 (Official Build) (64-bit)
• Operating System and version (desktop or mobile): Windows 10 Pro (64-bit)

[tagliala]

Hi,

thanks for reporting this

A PR would be hugely appreciated

[reckerswartz]

Will provide PR soon.

[tagliala]

@reckerswartz thanks

I gave a fast look, it doesn't look easy

By the way, there are three calls to Function that should be addressed.

The tokenizer seems the most complex. Fortunately, tokenizer option has been deprecated and we could bump the major version number and drop that feature

[reckerswartz]

@tagliala thanks for giving look to it.
tokenizer will be droped in PR.

[tagliala]

you're welcome, thank you!

Please make sure yarn: lint and rake test:js pass.

Sorry, but the javascript part is poorly documented

[reckerswartz]

rake test:js
Opening test app at http://localhost:4567 ...
== Sinatra (v2.0.0) has taken the stage on 8080 for development with backup from Thin
Thin web server (v1.7.2 codename Bachmanity)
Maximum connections set to 1024
Listening on localhost:8080, CTRL+C to stop
ERROR: no web browser detected

error on cloud9.

[tagliala]

@reckerswartz javascript unit tests require a real browser installed on the machine. The browser should be configured to open links from the command line

I need help on this: #591

[reckerswartz]

#591 I need some time to work on it and your help too 🆘 .

[tagliala]

@reckerswartz since that is not a priority, just check that rake test:js pass on your local machine then submit the PR

[reckerswartz]

Hey,
can you tell me how can I regenerate javascript after modifying CoffeeScript?

[tagliala]

rake regenerate_javascript

if you run the test, the javascript will be automatically regenerated

[tagliala]

@reckerswartz I've implemented this in 191a265