[openstreetmap/openstreetmap-website] update script-src CSP rules for iD (PR #4841)
Martin Raifer
notifications at github.com
Wed May 29 09:29:48 UTC 2024
> but as far as I can see, neither the current mapillary SDK nor any other parts of iD perform any dirty tricks with eval & co.
Actually, this was wrong. Mapillary-js does still do this in one occasion:
https://github.com/mapillary/mapillary-js/blob/v4.1.2/src/graph/FilterCreator.ts#L45
#4856 fixes it
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4841#issuecomment-2136963732
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4841/c2136963732 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240529/0d9b86b2/attachment.htm>
More information about the rails-dev
mailing list