Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Dharani Pamidigantam (DharaniP)
TCS
IT Analyst
TCS
IN
DharaniP Member since 2017 2 posts
TCS
Posted: Sep 3, 2020
Last activity: Jan 26, 2022
Posted: 3 Sep 2020 3:18 EDT
Last activity: 26 Jan 2022 8:13 EST
Closed

Unsafe inline and Unsafe eval in CSP

Hi,

 

I have configured CSP with all the options as 'self' but security scan is getting failed because of unsafe inline and unsafe eval. 

Please suggest.

 

Thanks in Advance

To see attachments, please log in.
Pega Platform 7.2
Security
Insurance
System Architect

Posted: 4 years ago
Updated: 4 years ago
Posted: 10 Sep 2020 15:45 EDT
Updated: 20 Sep 2020 13:29 EDT
Hoyath Ali (Hoyath Ali)
Bluevoir
Principle Engineer
Bluevoir
IN

Hi Dharani,

Pega currently uses JS eval and inline JS at many places in the UI platform and removing this would break the UI or result in other unexpected behaviors. 

This has considered as an enhancement for future releases.

Regards,

Hoyath

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice