sqlectron-gui
Migrate JointJS away from custom elements based on templates
We have unsafe-eval enabled for CSP rules because of JointJS. We even talked about removing the diagram support in order to get the app in a secure state without trying to figure out how to handle it properly in JointJS https://github.com/sqlectron/sqlectron-gui/pull/638. But I thought better about it and the diagram is quite a nice feature, although I never use it, so it would be better to instead ignore the CSP warning for now and change the diagram implementation later to properly handle the security issue.
I think unsafe-eval is required because the diagram shapes are built using a template approach. I tested building a simple shape using the standard way and it worked without unsafe-eval enabled.
Here are some references for when we get more time to work on this:
- https://resources.jointjs.com/tutorial/custom-elements
- https://github.com/clientIO/joint/tree/master/demo/html (it was suggested by a Joint contributor as a new better way of building custom HTML components https://github.com/clientIO/joint/issues/1192#issuecomment-537913633)
- https://github.com/clientIO/joint/blob/master/src/shapes/uml.mjs
- https://resources.jointjs.com/tutorial/html-elements (how we do it now with templates)
- http://jsfiddle.net/69a3d4mo/9/ (test changes)
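
The following is an added example, not code from this issue, sqlectron-gui or JointJS. It shows why a template-based renderer fails once `unsafe-eval` is dropped while a template-free one keeps working. It assumes the templates are compiled through the `Function` constructor (as lodash's `_.template` does); `renderWithTemplate`, `renderWithoutTemplate`, `runUnderPolicy` and `compare` are hypothetical names, and Node's `vm` `codeGeneration` option stands in for a browser CSP without `unsafe-eval`.

```javascript
// Load node:vm whether this file runs as CommonJS or as an ES module.
const vm = typeof require === 'function'
  ? require('node:vm')
  : process.getBuiltinModule('node:vm');

// Template approach: the template string is turned into JavaScript source and
// compiled at runtime. A CSP without 'unsafe-eval' blocks exactly this step.
function renderWithTemplate(t) {
  const tpl = '<div class="table"><h3><%= name %></h3></div>';
  const body = 'return ' +
    JSON.stringify(tpl).replace(/<%= (\w+) %>/g, '" + d.$1 + "');
  return new Function('d', body)(t); // code generation from a string
}

// Template-free approach: same markup, built with ordinary code only.
function renderWithoutTemplate(t) {
  const esc = (s) =>
    String(s).replace(/[&<>"]/g, (c) => '&#' + c.charCodeAt(0) + ';');
  return '<div class="table"><h3>' + esc(t.name) + '</h3></div>';
}

// Run a self-contained function in a fresh context. allowEval=false makes
// eval() and new Function() throw EvalError, like a CSP without 'unsafe-eval'.
function runUnderPolicy(fn, arg, allowEval) {
  const ctx = vm.createContext({}, { codeGeneration: { strings: allowEval } });
  try {
    return { ok: true, value: vm.runInContext(`(${fn})`, ctx)(arg) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Compare both renderers under the strict and the relaxed policy.
function compare(table) {
  return {
    templateStrict: runUnderPolicy(renderWithTemplate, table, false),
    templateEval: runUnderPolicy(renderWithTemplate, table, true),
    plainStrict: runUnderPolicy(renderWithoutTemplate, table, false),
  };
}

// Constructed sample input: one table node of a schema diagram.
console.log(compare({ name: 'users' }));
```
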