v4 Modal transition (fade) violates CSP (script-src 'unsafe-inline')
Closed this issue · 3 comments
deilv commented
Modals with the .fade class trigger an error on show, causing the modal to fail to show and scripts to stop working requiring a page reload. This wasn't a problem in v3 and seems to be caused by the reflow function trying to eval() and inject javascript in the page.
Using branch v4-dev in a Meteor app.
deilv commented
This is the cause of the problem (in util.js
):
reflow: function reflow(element) {
new Function('bs', 'return bs')(element.offsetHeight);
},
I'm trying to figure an alternative way to access the proper global object, without using the function constructor, unless you want to classify this as WontFix as well.
deilv commented
I wonder, wouldn't something like this cause a reflow without creating a new function?
reflow: function reflow(element) {
return element.offsetHeight;
},