Skip to content
This repository has been archived by the owner on Oct 2, 2019. It is now read-only.

unsafe:javascript:; multiselect (select2) breaks in strict Content Security Policy apps, #2174

Open
binaryhq opened this issue Dec 31, 2018 · 2 comments
Open

unsafe:javascript:; multiselect (select2) breaks in strict Content Security Policy apps, #2174

binaryhq opened this issue Dec 31, 2018 · 2 comments

Comments

@binaryhq
Copy link

binaryhq commented Dec 31, 2018
edited
Loading

Description:
multiselect (select2) breaks in strict Content Security Policy apps.
I'm using select2 theme of UI-SELECT with multiselect option. When i close selected item, it makes an browser to show alert message. related to this commit

I don't have plunker url, since we can not define strict content policy in plunker:

Angularjs1.7, UI-Select 0.18, and Select2 CSS
@sweatC
Copy link

sweatC commented Jan 14, 2019
edited
Loading

Have the same issue.

@seyon
Copy link

seyon commented Apr 15, 2019

I have the same Issue after upgrading AngularJs .

But i found an solution:
https://anotherdevblog.com/2018/06/27/angularjs-adds-unsafe-before-links/

You only need to allow "javascript" Protocol to href elements.

angular.module("app", []) .config(['$compileProvider', function ($compileProvider) { $compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|ftp|mailto|javascript):/); }]);

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seyon @binaryhq @sweatC