How to get unsafe-eval compliant Fabric js and lodash js

Question

Using lodash and fabric js in my application but both are not as per Content Security Policy (CSP).

Showing error as:

Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' ".

Is there any way to get CSP compliant lodash and fabric js both?

score 1 · Accepted Answer · answered Nov 22 '17 at 09:21

The new default build of fabricJS has removed named accessors to get rid of some eval.

Fabric cannot be built yet eval safe since patterns and clipTo are not removable.

We are working on it to remove all the functionalities that require code restoring from string and swapping them with something similar but without eval

How to get unsafe-eval compliant Fabric js and lodash js

1 Answers1