1. Feedback
  2. JavaScript
  3. 30475

Welcome to the JavaScript feedback portal. We’re happy you’re here! If you have feedback on how to improve the JavaScript, we’d love to hear it!

  • Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
  • If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

1
Vote

Destroy of TimePicker violates Content-Security-Policy

Hi,

When the TimePicker component is destroyed (destroy() method called) with Content-Security-Policy enabled (disallowed 'unsafe-eval') then below error is logged in the console by the browser:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
    at TimePicker.Function [as rippleFn] ()
    at TimePicker.destroy (ej2-calendars.es2015.js:9703)

After quick investigation it looks like the problem is in below line of code:

https://github.com/syncfusion/ej2-javascript-ui-controls/blob/master/controls/base/src/animation.ts#L313

In our case rippleFn property of TimePIcker is created just as 'Function'. I'm also able to re-create the same error in the console:

Empty


Fix should be as simple as changing problematic line from:

return Function;

to:

return () => {};

Regards,
Michał Pawłowski