Skip to content

CSP violations for unsafe-inline in [email protected] #10229

@tomtomau

Description

@tomtomau

Configuration:

  • Chrome
  • Mac OSX
  • PDF.js version: pdfjs-dist 2.0.943
  • Is a browser extension: false

We have a content security policy that prevents unsafe-inline.

Unfortunately, after upgrading to 2.0.943, pdfjs-dist/build/pdf.js now has a Function("return this") call (which violates CSP.

My understanding was this was introduced when support for async/await and generators was added to the gulpfile.js.

Upon searching for the babel plugin and finding the GitHub issues, I find only two issues which don't really seem to be covering the issue.

I'm unsure of how to build my own version of pdfjs-dist to try and isolate to see if this is definitively the issue, so just posting this to see if I can get some help/pointers!

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions