Skip to content

dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval #188

Description

@jwadamson

The getOptions function in 1.16.3 contains the following snippet:

			if(lang.isArrayLike(valueOrIdx)){
				return array.map(valueOrIdx, "return this.getOptions(item);", this); // __SelectOption[]
			}

By providing a string for the callback value, the array module then attempts to create a Function from the string. This fails when unsafe-eval is not allowed by the content-security-policy and could be rewritten to pass a function instead of a string e.g.

return array.map(valueOrIdx, (item) => this.getOptions(item), this); // __SelectOption[]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions