Skip to content

fix: OPTIC-1966: Address CSP issue by removing unsafe-eval usage #7377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

fix: OPTIC-1966: Address CSP issue by removing unsafe-eval usage #7377

wants to merge 2 commits into from

Conversation

bmartel
Copy link
Contributor

@bmartel bmartel commented Apr 15, 2025

Internal PR for testing workflows, all work and comments shall be addressed in the original #7189

benglewis and others added 2 commits March 9, 2025 18:43
@benglewis
Fix CSP issue by removing unsafe-eval usage
2e15e3f 
Fixes #7189

Replace the `Function` constructor in the `getProperty` function with a safer implementation.

* Use a loop to traverse the object properties based on the provided path.
* Remove the usage of `Function` constructor to avoid requiring 'unsafe-eval' in the Content Security Policy.
* Return `undefined` if any property in the path is not found.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/HumanSignal/label-studio/issues/7189?shareId=XXXX-XXXX-XXXX-XXXX).
@bmartel
Merge remote-tracking branch 'origin/develop' into fix-csp-unsafe-eval
0eb7951
@github-actions github-actions bot added the fix label Apr 15, 2025
@netlify Netlify
Copy link

netlify bot commented Apr 15, 2025
edited
Loading

Deploy Preview for label-studio-storybook ready!

Name Link
🔨 Latest commit 0eb7951
🔍 Latest deploy log https://app.netlify.com/sites/label-studio-storybook/deploys/67fe85291051ac0008ba9aa9
😎 Deploy Preview https://deploy-preview-7377--label-studio-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify Netlify
Copy link

netlify bot commented Apr 15, 2025
edited
Loading

Deploy Preview for label-studio-docs-new-theme canceled.

Name Link
🔨 Latest commit 0eb7951
🔍 Latest deploy log https://app.netlify.com/sites/label-studio-docs-new-theme/deploys/67fe852922f805000825940b

@netlify Netlify
Copy link

netlify bot commented Apr 15, 2025
edited
Loading

Deploy Preview for heartex-docs canceled.

Name Link
🔨 Latest commit 0eb7951
🔍 Latest deploy log https://app.netlify.com/sites/heartex-docs/deploys/67fe852ad93caa0008063f44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bmartel @benglewis