Task #63712

Avoid use of eval() and replace it

Added by Job Rutgers over 6 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2015-09-30
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The use of the eval() can be slow and insecure, so maybe it's better to avoid and replace it.
More info on:
http://www.nczonline.net/blog/2013/06/25/eval-isnt-evil-just-misunderstood/

After it is implemented it should be possible to use (in nginx):

add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'";

Now 'unsafe-eval' still needed in default-src


Subtasks

Bug #70205: Remove eval from TCA slider JavaScriptClosedAndreas Fernandez2015-09-30

Actions

Related issues

Related to TYPO3 Core - Bug #61996: unsafe-evalClosed2014-10-01

Actions
Related to TYPO3 Core - Task #17626: JS-function checkSubmit should not use evalClosedFrank Naegler2007-09-24

Actions
Related to TYPO3 Core - Task #73047: Content-Security-Policy for the BackendClosed2016-01-31

Actions

Also available in: Atom PDF