
`__mf` crashes with `EvalError` under a restrictive Content-Security-Policy

Open andersk opened this issue 1 month ago • 3 comments

When using `__mf` in a website with a Content-Security-Policy that does not allow `unsafe-eval`, `__mf` crashes with `EvalError: Code generation from strings disallowed for this context`.

The upstream issue suggests this will not be fixed in `@messageformat/core`, and suggests switching to `intl-messageformat`.

  • messageformat/messageformat#180

andersk avatar Nov 15 '25 02:11 andersk
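
A regression check for the failure described in this issue, as an added example that is not code from i18n-node, `@messageformat/core` or Zulip Desktop: Node's `vm` module can create a context with code generation from strings disabled, which raises the same `EvalError` that a CSP without `unsafe-eval` does. `compileFormat` and `interpretFormat` are constructed stand-ins for a compile-to-function formatter and an interpreting one, and `runWithoutCodegen` is a hypothetical helper name.

```javascript
const vm = require('node:vm');

// Constructed stand-in: turns the message into JavaScript source and
// evaluates it with the Function constructor (needs 'unsafe-eval' under CSP).
function compileFormat(msg, args) {
  const src = 'return ' +
    JSON.stringify(msg).replace(/\{(\w+)\}/g, '" + a.$1 + "');
  return new Function('a', src)(args);
}

// Constructed stand-in: substitutes placeholders by walking the string,
// with no code generation from strings.
function interpretFormat(msg, args) {
  return msg.replace(/\{(\w+)\}/g, (_, key) => String(args[key]));
}

// Run a formatter inside a context where eval() and new Function() are
// disabled. The function is re-created from its source inside that context
// so that `Function` resolves to the restricted realm's constructor.
function runWithoutCodegen(fn, msg, args) {
  const ctx = vm.createContext({ msg, args }, {
    codeGeneration: { strings: false, wasm: false },
  });
  try {
    return { ok: true, value: vm.runInContext(`(${fn})(msg, args)`, ctx) };
  } catch (err) {
    // The error object comes from the other realm, so compare by name
    // rather than with instanceof.
    return { ok: false, error: `${err.name}: ${err.message}` };
  }
}

// Constructed sample input.
const sample = ['Hello {name}!', { name: 'Zulip' }];
console.log(compileFormat(...sample));                      // works with no restriction
console.log(runWithoutCodegen(compileFormat, ...sample));   // ok: false, EvalError
console.log(runWithoutCodegen(interpretFormat, ...sample)); // ok: true
```

A check like this in a test suite catches a dependency that starts requiring `unsafe-eval` before it reaches an application that ships a strict policy.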

Thank you for improving and providing the PR. Two points from my side:

  1. i18n-node as a server-side lib was not intended for any kind of browser-side use (and thus normally not affected by CSP). I would be interested in more details on your use case and implementation, maybe in a demo repo?

  2. Switching dependencies while improving features and/or maintenance is always much appreciated. My concern is about backward-compatibility, esp. as I doubt all business requirements are actually covered in tests. So this will definitively get merged, but needs more review and probably a version bump.

mashpie avatar Nov 21 '25 08:11 mashpie

My application is Zulip Desktop; it’s an open source Electron app that uses Content-Security-Policy for security.

It’s very possible that i18n-node is the wrong fit for this application (it inherited many years of bad design decisions before I was involved), but switching would be a chore that probably involves rewriting a lot of translated messages in every language, so I figured I would try contributing improvements first.

Thanks for taking a look!

andersk avatar Nov 21 '25 08:11 andersk

Ah, ok ic... well maybe I can contribute to better support your setup :)

mashpie avatar Nov 21 '25 08:11 mashpie