OverlayScrollbars requires unsafe "Content Security Policy"
The current version uses eval and cannot be used with default Content-Security-Policy (http://www.w3.org/TR/CSP/, https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) headers.
Sample code:
instance.scroll("+=500px");
Browser interrupts execution here.
Known workarounds:
- Use number values (instance.scroll(500)).
- Set policy to unsafe-eval which defeats the purpose of CSP.
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (5 by maintainers)
@nuthinking That’s not possible, since the eval has its purpose. Until now eval() was called if you passed a string, but it’s not always necessary to use eval if you pass a string. You can pass simple values such as "+=100px", but you can also use units such as "+=50%", and you can even pass complex calculations such as "+=(50% - 15px) / 2".

To avoid the eval() you have to pass simple values without units (except px - it’s not treated as a unit, so "+=100px" is possible too), but the eval is critical if you pass numbers with units or complex calculations. The next version will work this way, so this error won’t occur with the example posted from @vobruba-martin anymore.

Since there hasn’t been any activity for a few months, I’ll close this issue for now. In case this problem isn’t solved as described above or the plugin isn’t usable at all, please don’t hesitate to reopen the issue.
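
Added example, not OverlayScrollbars code and not from the issue thread: one way a string such as "+=(50% - 15px) / 2" can be evaluated with a small arithmetic parser instead of eval(), so a page can keep a Content-Security-Policy without unsafe-eval. The function names and the unit semantics (% as a share of maxScroll, px as a plain number, a leading += or -= relative to the current position) are assumptions made for illustration.

```javascript
// Assumed semantics, not the library's: "%" = percent of maxScroll, "px" = plain number.
// Only digits, px, %, + - * / and parentheses are accepted; anything else is rejected.
function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d+)?)(px|%)?|([-+*\/()]))\s*/y;
  const tokens = [];
  while (re.lastIndex < src.length) {
    const m = re.exec(src);
    if (!m) throw new SyntaxError("unexpected input in: " + src);
    tokens.push(m[3] ? { op: m[3] } : { num: Number(m[1]), unit: m[2] || "px" });
  }
  return tokens;
}

// Recursive-descent evaluation: sum -> product -> primary. No eval(), no new Function().
function evaluate(tokens, maxScroll) {
  let i = 0;
  const peekOp = () => (tokens[i] || {}).op;
  const binary = (next, ops) => () => {
    let v = next();
    while (ops[peekOp()]) v = ops[tokens[i++].op](v, next());
    return v;
  };
  const primary = () => {
    const t = tokens[i++];
    if (!t) throw new SyntaxError("unexpected end of expression");
    if (t.op === "(") {
      const v = sum();
      if (peekOp() !== ")") throw new SyntaxError("missing )");
      i++;
      return v;
    }
    if (t.op === "-") return -primary();
    if (t.op) throw new SyntaxError("unexpected " + t.op);
    return t.unit === "%" ? (t.num / 100) * maxScroll : t.num;
  };
  const product = binary(primary, { "*": (a, b) => a * b, "/": (a, b) => a / b });
  const sum = binary(product, { "+": (a, b) => a + b, "-": (a, b) => a - b });
  const result = sum();
  if (i < tokens.length) throw new SyntaxError("trailing input");
  return result;
}

// Numbers pass through; strings are parsed, with "+=" / "-=" applied to `current`.
function resolveScroll(input, current, maxScroll) {
  if (typeof input === "number") return input;
  const m = /^\s*([-+])=(.*)$/.exec(input);
  const value = evaluate(tokenize(m ? m[2] : input), maxScroll);
  if (!Number.isFinite(value)) throw new RangeError("non-finite scroll value");
  return !m ? value : m[1] === "+" ? current + value : current - value;
}
```

Because the tokenizer accepts only numbers, the two units and arithmetic operators, a string containing identifiers or calls fails with a SyntaxError instead of being executed.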