Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Support Trusted Types in EvalSourceMapDevToolPlugin
See original GitHub issueFeature request
What is the expected behavior?
Say webpack is configured with output.trustedTypes = true and devtool = “eval-cheap-module-source-map”. I expect that generated code can still use eval but the script will be created using createScript method from Trusted Types policy.
What is motivation or use case for adding/changing the behavior?
This is needed when working with Trusted Types during local development. Passing string argument into eval() is forbidden when you enforce require-trusted-types-for 'script' CSP directive. This is exactly what EvalSourceMapDevToolPlugin is doing and therefore it is hard to debug such application locally.
How should this be implemented in your opinion?
We could probably follow similar approach as with CreateScriptUrlRuntimeModule and based on whether trusted types are enabled or not return either raw string or output of policy.createScript(). This value can then be passed to eval().
Are you willing to work on this yourself? yes
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@alexander-akait , @sokra , can we pls get a feedback on https://github.com/webpack/webpack/pull/14173? Happy to change the approach if you have any suggestions. Thank you.
Fixed https://github.com/webpack/webpack/pull/14173