AtHeartEngineer/ejs
1
0
Fork 0
mirror of https://github.com/CryptKeeperZK/ejs.git synced 2026-01-09 15:37:57 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: ejs evalerror with browser extension

Browse Source
This commit is contained in:
isk
2023-08-18 12:52:20 +02:00
parent 29b076cdbb
commit 01a91d7409
4 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@@ -1,3 +1,18 @@
# `@cryptkeeperzk/ejs`:
```
NOTE: Since ejs.js is being used through Snark.js, which is used inside CryptKeeper ZK Browser Extension.
We faced this error:
`
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval'
is not an allowed source of script in the following Content Security Policy directive:
"script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*".
`
Therefore, according to this issue: https://github.com/mde/ejs/issues/468
We forked the main ejs to adjust this line with this suggested solution: https://github.com/facebook/regenerator/issues/336#issuecomment-355832435
```
Embedded JavaScript templates<br/> Embedded JavaScript templates<br/>
[![Known Vulnerabilities](https://snyk.io/test/npm/ejs/badge.svg?style=flat)](https://snyk.io/test/npm/ejs) [![Known Vulnerabilities](https://snyk.io/test/npm/ejs/badge.svg?style=flat)](https://snyk.io/test/npm/ejs)
============================= =============================

13
lib/ejs.js
View File

@@ -102,11 +102,20 @@ exports.localsName = _DEFAULT_LOCALS_NAME;
* Promise implementation -- defaults to the native implementation if available * Promise implementation -- defaults to the native implementation if available
* This is mostly just for testability * This is mostly just for testability
* *
* NOTE: Since we ejs.js is being used through Snark.js, which is used inside CryptKeeper ZK Browser Extension.
* We faced this error:
* ```
* Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval'
* is not an allowed source of script in the following Content Security Policy directive:
* "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' http://localhost:* http://127.0.0.1:*".
* ```
* Therefore, according to this issue: https://github.com/mde/ejs/issues/468
* We forked the main ejs to adjust this line with this suggested solution: https://github.com/facebook/regenerator/issues/336#issuecomment-355832435
*
* @type {PromiseConstructorLike} * @type {PromiseConstructorLike}
* @public * @public
*/ */
var g = (function() { return this ? this : typeof self !== 'undefined' ? self : undefined})() || Function("return this")();
exports.promiseImpl = (new Function('return this;'))().Promise;
/** /**
* Get the path to the included file from the parent file path and the * Get the path to the included file from the parent file path and the

4
package-lock.json generated
View File

@@ -1,12 +1,12 @@
{ {
"name": "ejs", "name": "ejs",
"version": "3.1.8", "version": "3.1.9",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "ejs", "name": "ejs",
"version": "3.1.8", "version": "3.1.9",
"license": "Apache-2.0", "license": "Apache-2.0",
"dependencies": { "dependencies": {
"jake": "^10.8.5" "jake": "^10.8.5"

2
package.json
View File

@@ -1,5 +1,5 @@
{ {
"name": "ejs", "name": "@cryptkeeperzk/ejs",
"description": "Embedded JavaScript templates", "description": "Embedded JavaScript templates",
"keywords": [ "keywords": [
"template", "template",