Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Profiler] Fix dump makes toolbar disappear#27189
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
nicolas-grekas approved these changesMay 7, 2018
fabpot approved these changesMay 9, 2018
Member
fabpot commentedMay 9, 2018
Thank you@ogizanagi. |
fabpot added a commit that referenced this pull requestMay 9, 2018
This PR was merged into the 4.1 branch.Discussion----------[Profiler] Fix dump makes toolbar disappear| Q | A| ------------- | ---| Branch? | 4.1 <!-- see below -->| Bug fix? | yes| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->| BC breaks? | no <!-- seehttps://symfony.com/bc -->| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->| Tests pass? | yes <!-- please add some, will be required by reviewers -->| Fixed tickets |#27180 <!-- #-prefixed issue number(s), if any -->| License | MIT| Doc PR | N/ADon't know if there is a better solution than executing eval on the global scope.For ref:https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval> If you use the eval function indirectly, by invoking it via a reference other than eval, as of ECMAScript 5 it works in the global scope rather than the local scope. This means, for instance, that function declarations create global functions, and that the code being evaluated doesn't have access to local variables within the scope where it's being called.Commits-------0cd51ae [Profiler] Fix dump makes toolbar disappear
stof reviewedMay 9, 2018
| /* Evaluate in global scope scripts embedded inside the toolbar*/ | ||
| eval.call({}, ([].slice.call(el.querySelectorAll('script')).map(function (script) { | ||
| returnscript.firstChild.nodeValue; | ||
| }).join('\n'))); |
Member
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
we should join them using;\n to avoid issues in case of having a script without a final semi-colon. The ASI rules might not always end a statement on a newline char.
ContributorAuthor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thanks. Fixed in0998710
Merged
fabpot added a commit that referenced this pull requestJun 13, 2018
… toolbar (stof)This PR was merged into the 4.1 branch.Discussion----------Avoid calling eval when there is no script embedded in the toolbar| Q | A| ------------- | ---| Branch? | 4.1| Bug fix? | yes| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets |#27583| License | MIT| Doc PR | n/a#27189 changed the way embedded scripts were eval'd for the toolbar. But it also refactored the code in a way triggering `eval` all the time, even when there is no embedded script, which was reported several times as an issue with CSP.While the debug panel (showing dumps) still requires having `unsafe-eval` in the CSP header (due to embedding scripts that we eval), this PR reverts back to the behavior of Symfony 4.0 and older, where only toolbars actually embedding scripts have this CSP compat issue.Commits-------a0f78a5 Avoid calling eval when there is no script embedded in the toolbar
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Don't know if there is a better solution than executing eval on the global scope.
For ref:https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval