Task #95874

closed

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Task #87418: Refactor and remove usage of inline scripts in backend

Avoid JavaScript eval function in FormEngine AjaxDispatcher

Added by Oliver Hader over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: Backend JavaScript
Target version: -
Start date: 2021-11-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 11
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

AjaxDispatcher uses implicit JavaScript eval, see
https://github.com/TYPO3/typo3/blob/v11.5.2/Build/Sources/TypeScript/backend/Resources/Public/TypeScript/FormEngine/InlineRelation/AjaxDispatcher.ts#L122

→ use JSON handling instead of pure string-eval

require([ModuleA], function(module) { ... });
require([ModuleB], function(module) { ... });

to be

[
  {"type":"javaScriptModuleInstruction","payload":{...}}, // explicit structure via JavaScriptModuleInstruction
  "require([ModuleB], function(module) { ... });" // legacy eval as string
]
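
An added example (not TYPO3's code and not part of the ticket) of consuming such a mixed list without `eval`: structured items are dispatched through an allow-list, and legacy strings are only collected for migration. The payload fields `name`, `method`, `args` and the module registry are assumptions, since the ticket elides the payload as `{...}`.

```javascript
// Hypothetical registry: only modules and methods listed here can be invoked.
const calls = [];
const allowedModules = new Map([
  ['ModuleA', { init: (...args) => calls.push(['ModuleA.init', args]) }],
]);

function dispatchScriptItems(items, modules = allowedModules) {
  const result = { executed: 0, legacy: [], rejected: [] };
  for (const item of items) {
    if (typeof item === 'string') {
      // Legacy string: record it; never hand it to eval() or new Function().
      result.legacy.push(item);
      continue;
    }
    if (item === null || typeof item !== 'object'
        || item.type !== 'javaScriptModuleInstruction') {
      result.rejected.push(item);
      continue;
    }
    // Assumed payload shape: { name, method, args }.
    const { name, method, args = [] } = item.payload ?? {};
    const mod = modules.get(name);
    // Own-property check keeps inherited names such as "constructor" uncallable.
    const callable = mod !== undefined && typeof method === 'string'
      && Object.prototype.hasOwnProperty.call(mod, method)
      && typeof mod[method] === 'function' && Array.isArray(args);
    if (!callable) {
      result.rejected.push(item);
      continue;
    }
    mod[method](...args);
    result.executed += 1;
  }
  return result;
}

// Constructed sample response, mirroring the mixed list in the description.
const sampleResponse = JSON.parse(`[
  {"type":"javaScriptModuleInstruction","payload":{"name":"ModuleA","method":"init","args":["field-1"]}},
  {"type":"javaScriptModuleInstruction","payload":{"name":"ModuleA","method":"constructor","args":["return 1"]}},
  "require([ModuleB], function(module) { /* ... */ });"
]`);
const outcome = dispatchScriptItems(sampleResponse);
console.log(outcome.executed, outcome.legacy.length, outcome.rejected.length);
```

The `legacy` list gives a count of responses that still depend on string evaluation, which is the remaining work before a CSP without `'unsafe-eval'` can be enforced.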

Related issues 1 (0 open, 1 closed)

Is duplicate of TYPO3 Core - Task #95954: Reduce inline JavaScript in FormEngine AJAX responses (Closed, Oliver Hader, 2021-11-10)
