Use with a Content Security Policy that prohibits unsafe-eval? #298

Closed
brianmhunt opened this issue Oct 16, 2014 · 1 comment

Comments

@brianmhunt

I saw a new Function in the code, so I expect that nunjucks cannot be used without a Content Security Policy that permits unsafe-eval.

As templates are a targeted injection point for malicious code, it would be good if one could use nunjucks while Function/eval are prohibited.

@jlongster
Contributor

You definitely can use it with CSP, but you have to precompile your templates. If they are precompiled you just include them like normal JS and nunjucks will use them instead of dynamically creating them: http://mozilla.github.io/nunjucks/api.html#precompiling
