Project

General

Profile

Actions
Copy link

Task #63712

closed

Avoid use of eval() and replace it

Added by Job Rutgers almost 10 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
7 LTS
Start date:
2015-09-30
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The use of the eval() can be slow and insecure, so maybe it's better to avoid and replace it.
More info on:
http://www.nczonline.net/blog/2013/06/25/eval-isnt-evil-just-misunderstood/

After it is implemented it should be possible to use (in nginx):

add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'";

Now 'unsafe-eval' still needed in default-src

Subtasks 1 (0 open1 closed)

Bug #70205: Remove eval from TCA slider JavaScriptClosedAndreas Kienast2015-09-30

Actions

Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Bug #61996: unsafe-evalClosed2014-10-01

Actions
Related to TYPO3 Core - Task #17626: JS-function checkSubmit should not use evalClosedFrank Nägler2007-09-24

Actions
Related to TYPO3 Core - Task #73047: Content-Security-Policy for the BackendClosed2016-01-31

Actions
Actions
Copy link

Also available in: Atom PDF