1. Feedback
  2. React
  3. 65187

Welcome to the React feedback portal. We’re happy you’re here! If you have feedback on how to improve the React, we’d love to hear it!

  • Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
  • If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

0
Votes

MultiSelectComponent - EvalError: Content Security Policy (unsafe-eval)

While evaluating Syncfusion's components, in the MultiSelectComponent, when using "showSelectAll" together with "unSelectAllText" / "selectAllText", I get a content warning:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

The selectAllText and unSelectAllText are simple string properties, that presumably use some template evaluation under the hood. I would like to see an update remedy the issue.

I have read replies from your support staff elsewhere on the forum that suggests allowing "unsafe-eval" in the HTML headers. Unfortunately, this workaround is not acceptable due to the security risks it presents. In my personal opinion, Syncfusion should discourage the use of unsafe practises rather than recommend them.