unsafe:javascript:; multiselect (select2) breaks in strict Content Security Policy apps,

Question

unsafe:javascript:; multiselect (select2) breaks in strict Content Security Policy apps,

binaryhq opened this issue 6 years ago · 2 comments

Description:
multiselect (select2) breaks in strict Content Security Policy apps.
I'm using select2 theme of UI-SELECT with multiselect option. When i close selected item, it makes an browser to show alert message. related to this commit

I don't have plunker url, since we can not define strict content policy in plunker:

Angularjs1.7, UI-Select 0.18, and Select2 CSS

Answer 1 · 2019-01-14T10:11:44.000Z

Have the same issue.

Answer 2 · 2019-04-15T11:25:30.000Z

I have the same Issue after upgrading AngularJs .

But i found an solution:
https://anotherdevblog.com/2018/06/27/angularjs-adds-unsafe-before-links/

You only need to allow "javascript" Protocol to href elements.

angular.module("app", []) .config(['$compileProvider', function ($compileProvider) { $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|javascript):/); }]);