[formula-parser GH #18] Content Security Policy - eval()

gregoire.spiers · 8 May 2017 07:22

The formula parser of handsontable uses eval() function which is unsafe and cannot be used with a secure CSP.

Can you please tell me:

How I can easily remove the formula parser from handsontable.full.js (I don’t need it) ?
I mean, other than manually doing ctrl + F and erase eval(), is there a way for me to release handsontable PRO without this plugin ?
Is it possible to release a new version of the parser without eval() ?

Right now the library is not usable in production which is a major issue for us.

Thank you

aleksandra_budnik · 27 January 2017 14:22

You are right @gregoire.spiers We have to delete it.

The following issue was also reported on our Github board at https://github.com/handsontable/formula-parser/issues/18 with a ‘high’ priority.

Please check updates to https://github.com/handsontable/formula-parser/issues/18 to stay up-to-date with this issue.