EasyUI Forum

General Category => EasyUI for jQuery => Topic started by: devnull on June 12, 2020, 06:00:37 AM


Title: CSP Violation when clicking any Combobox Dropdown
Post by: devnull on June 12, 2020, 06:00:37 AM
I am trying to implement CSP on my application, I have succeeded and are using sha256 digests on my inline scripts and the page now load without any error.

But as soon as I click on an element, such as a combobox, or open a panel I get a violation.

Any body else experienced / solved this problem while maintaining security ?




Title: Re: CSP Violation when clicking any Combobox Dropdown
Post by: devnull on June 13, 2020, 03:11:35 AM
This appears to be the jquery function that is triggering the error, but I have no idea why:

Code:
function () {
    var t,
    n,
    r = N.createElement('div');
    for (t in {
      submit: !0,
      change: !0,
      focusin: !0
    }) n = 'on' + t,
    (c[t + 'Bubbles'] = n in e) || (r.setAttribute(n, 't'), c[t + 'Bubbles'] = !1 === r.attributes[n].expando);
    r = null
  }();
  var V = /^(?:input|select|textarea)$/i,
  J = /^key/,
  Y = /^(?:mouse|pointer|contextmenu)|click/,
  G = /^(?:focusinfocus|focusoutblur)$/,
  Q = /^([^.]*)(?:\.(.+)|)$/;

specifically, this is the line that gets highlighted when the error occurs:

Code:
(c[t + 'Bubbles'] = n in e) || (r.setAttribute(n, 't'), c[t + 'Bubbles'] = !1 === r.attributes[n].expando);

Title: Re: CSP Violation when clicking any Combobox Dropdown
Post by: devnull on June 13, 2020, 03:19:26 AM
I think it is somehow related to panel open / close, I get no errors when clicking a tab, but every control that uses panels seems to trigger an immediate vialoation.


Powered by SMF 1.1.18 | SMF © 2013, Simple Machines