What is the content-security-policy implication of using eval() or new Function() in JavaScript?

JavaScript Professional Hard

Key points

  • A CSP that omits 'unsafe-eval' blocks eval() and new Function()
  • Both methods require 'unsafe-eval' to be explicitly allowed
  • 'unsafe-eval' is the source expression that must appear in the script-src directive to allow them
