Skip to content
This repository was archived by the owner on Apr 8, 2020. It is now read-only.

Content security policy #345

Closed
MrCrimp opened this issue Sep 30, 2016 · 1 comment
Closed

Content security policy #345

MrCrimp opened this issue Sep 30, 2016 · 1 comment

Comments

@MrCrimp
Copy link

MrCrimp commented Sep 30, 2016

The following files where reported from content security policy checking
domain-task/fetch.js

Inline eval() and functions() are not compliant with content security policy
var isBrowser = (new Function('try { return this === window; } catch (e) { return false; }'))();

This is how I'd do the same test

export const isNode = (typeof process === 'object' && Object.prototype.toString.call(process) === '[object process]');
export const isBrowser = !isNode && Object.prototype.toString.call(window) === '[object Window]';
@SteveSandersonMS
Copy link
Member

Thanks for the suggestion. In the end I used the following test as it's quite succinct and explicit:

const isNode = typeof process === 'object' && process.versions && !!process.versions.node;

If you think there's anything inadequate about that test, please let us know!

@snyk-bot snyk-bot mentioned this issue Jul 13, 2021
Open
@snyk-bot snyk-bot mentioned this issue Sep 4, 2021
Open
@harunpehlivan harunpehlivan mentioned this issue Jun 30, 2022
Open
This was referenced Nov 5, 2022
Open
Open
@snyk-bot snyk-bot mentioned this issue Dec 26, 2022
Open
@harunpehlivan harunpehlivan mentioned this issue Dec 26, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MrCrimp @SteveSandersonMS