vue-pdf-embed Bug/Security: usage of 'eval' function is blocks pdf rendering when CSP is enabled

Bug/Security: usage of 'eval' function is blocks pdf rendering when CSP is enabled

Open Diana5 opened this issue 2 years ago • 0 comments

PDF cannot be previewed due to the usage of eval function when enabling Content Security Policy with script-src 'self'. In order to overcome this issue unsafe-eval has to be added, but this would only increase security vulnerabilities.

vue-pdf-embed - 1.1.2 vue - 3.2.31 Browser - Firefox/Chrome

Oct 06 '22 10:10 Diana5

vue-pdf-embed vue-pdf-embed copied to clipboard

Bug/Security: usage of 'eval' function is blocks pdf rendering when CSP is enabled

vue-pdf-embed
vue-pdf-embed copied to clipboard