mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: CSP with unsafe-eval detection with Trusted Types (#27446)

Browse source
This commit is contained in:
Milan Burda 2021-01-25 02:31:25 +01:00 committed by GitHub
parent 4a5c5843c4
commit 64b7be751a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 63 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/renderer/security-warnings.ts
View file

@ -81,7 +81,7 @@ const isUnsafeEvalEnabled: () => Promise<boolean> = function () {
// Call _executeJavaScript to bypass the world-safe deprecation warning
return (webFrame as any)._executeJavaScript(`(${(() => {
try {
new Function(''); // eslint-disable-line no-new,no-new-func
eval(window.trustedTypes.emptyScript); // eslint-disable-line no-eval
} catch {
return false;
}