Task #95874

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Task #87418: Refactor and remove usage of inline scripts in backend

Avoid JavaScript eval function in FormEngine AjaxDispatcher

Added by Oliver Hader 8 months ago. Updated 7 months ago.

Status: Closed
Priority: Should have
Assignee:
Category: Backend JavaScript
Target version: -
Start date: 2021-11-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 11
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

AjaxDispatcher uses implicit JavaScript eval, see
https://github.com/TYPO3/typo3/blob/v11.5.2/Build/Sources/TypeScript/backend/Resources/Public/TypeScript/FormEngine/InlineRelation/AjaxDispatcher.ts#L122

→ use JSON handling instead of pure string-eval

require([ModuleA], function(module) { ... });
require([ModuleB], function(module) { ... });

to be

[
  {"type":"javaScriptModuleInstruction","payload":{...}}, // explicit structure via JavaScriptModuleInstruction
  "require([ModuleB], function(module) { ... });" // legacy eval as string
]
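
An added illustration, not part of the original issue or TYPO3's code: one way a client could consume the mixed array proposed above without eval. Structured items are validated and dispatched to allowlisted modules, and legacy strings are only reported. The payload fields `name`, `method` and `args`, the synchronous loader and the module names are assumptions.

```javascript
// Added example. Payload fields (name, method, args), the loader and the
// module names are assumptions, not TYPO3's actual schema.
const INSTRUCTION_TYPE = 'javaScriptModuleInstruction';

// Validate one structured item; returns an error string or null.
function validateInstruction(item, allowedModules) {
  if (item === null || typeof item !== 'object' || item.type !== INSTRUCTION_TYPE) {
    return 'unknown item type';
  }
  const p = item.payload;
  if (p === null || typeof p !== 'object') return 'missing payload';
  if (typeof p.name !== 'string' || !allowedModules.has(p.name)) return 'module not allowed';
  if (typeof p.method !== 'string') return 'missing method';
  if (p.args !== undefined && !Array.isArray(p.args)) return 'args must be an array';
  return null;
}

// Process a decoded response array. Structured items are dispatched to
// allowlisted modules; legacy strings are reported, never evaluated.
function dispatchInstructions(items, loadModule, allowedModules) {
  const report = { executed: [], legacy: [], rejected: [] };
  for (const item of items) {
    if (typeof item === 'string') {
      report.legacy.push(item);
      continue;
    }
    const error = validateInstruction(item, allowedModules);
    if (error !== null) {
      report.rejected.push(error);
      continue;
    }
    const { name, method, args = [] } = item.payload;
    const mod = loadModule(name);
    // Own-property check keeps inherited members such as "constructor" out of reach.
    if (!Object.prototype.hasOwnProperty.call(mod, method) || typeof mod[method] !== 'function') {
      report.rejected.push('method not exported');
      continue;
    }
    report.executed.push({ name, method, result: mod[method](...args) });
  }
  return report;
}

// Constructed sample: a registry standing in for the module loader and a
// response mixing one structured instruction with one legacy string.
const sampleModules = { 'Example/Module': { init: (id) => 'init:' + id } };
const sampleResponse = JSON.parse('[{"type":"javaScriptModuleInstruction","payload":{"name":"Example/Module","method":"init","args":["field-1"]}},"require([\\"Example/Other\\"], function(m) {});"]');
const sampleReport = dispatchInstructions(sampleResponse, (n) => sampleModules[n], new Set(Object.keys(sampleModules)));
```

Because the response is handled as data, the `legacy` list shows how many eval-dependent entries remain before a policy without `'unsafe-eval'` can be enforced.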

Related issues

Is duplicate of TYPO3 Core - Task #95954: Reduce inline JavaScript in FormEngine AJAX responses (Resolved, Oliver Hader, 2021-11-10)

#1

Updated by Oliver Hader 8 months ago

  • Is duplicate of Task #95954: Reduce inline JavaScript in FormEngine AJAX responses added
#2

Updated by Oliver Hader 8 months ago

  • Status changed from New to Closed
#3

Updated by Oliver Hader 7 months ago

  • Assignee set to Oliver Hader
