grpc-web-error-details
grpc-web-error-details copied to clipboard
Published
20 hours ago •
shumbo
shumbo
Function('return this')() does not comply with no-unsafe-eval
Hi! 👋
Firstly, thanks for your work on this project! 🙂
Today I used patch-package to patch [email protected] for the project I'm working on.
The global variable Function('return this')(); doesn't comply with CSP no-unsafe-eval rule. This is the same issue described in these two issues with the protobuf package: https://github.com/protocolbuffers/protobuf/issues/6770 and https://github.com/protocolbuffers/protobuf/issues/5464
We're patching our project with the following diff included from patch-package:
diff --git a/node_modules/grpc-web-error-details/dist/lib/code_pb.js b/node_modules/grpc-web-error-details/dist/lib/code_pb.js
index 0df746f..5c6beaa 100644
--- a/node_modules/grpc-web-error-details/dist/lib/code_pb.js
+++ b/node_modules/grpc-web-error-details/dist/lib/code_pb.js
@@ -13,7 +13,7 @@
var jspb = require('google-protobuf');
var goog = jspb;
-var global = Function('return this')();
+var global = (function() { return this || window || global || self; }).call(null);
goog.exportSymbol('proto.google.rpc.Code', null, global);
/**
diff --git a/node_modules/grpc-web-error-details/dist/lib/error_details_pb.js b/node_modules/grpc-web-error-details/dist/lib/error_details_pb.js
index b73688c..85b5ac8 100644
--- a/node_modules/grpc-web-error-details/dist/lib/error_details_pb.js
+++ b/node_modules/grpc-web-error-details/dist/lib/error_details_pb.js
@@ -13,7 +13,7 @@
var jspb = require('google-protobuf');
var goog = jspb;
-var global = Function('return this')();
+var global = (function() { return this || window || global || self; }).call(null);
var google_protobuf_duration_pb = require('google-protobuf/google/protobuf/duration_pb.js');
goog.object.extend(proto, google_protobuf_duration_pb);
diff --git a/node_modules/grpc-web-error-details/dist/lib/status_pb.js b/node_modules/grpc-web-error-details/dist/lib/status_pb.js
index 0cc9e12..2144731 100644
--- a/node_modules/grpc-web-error-details/dist/lib/status_pb.js
+++ b/node_modules/grpc-web-error-details/dist/lib/status_pb.js
@@ -13,7 +13,7 @@
var jspb = require('google-protobuf');
var goog = jspb;
-var global = Function('return this')();
+var global = (function() { return this || window || global || self; }).call(null);
var google_protobuf_any_pb = require('google-protobuf/google/protobuf/any_pb.js');
goog.object.extend(proto, google_protobuf_any_pb);
This issue body was partially generated by patch-package.
