Ember library causing "Binding Style Attributes" deprecation warning
I am trying to use ember-cli-file-picker to load files into my application for processing in the browser. It works, but it raises the following deprecation error:
WARNING: Binding style attributes may introduce cross-site scripting
vulnerabilities; please ensure that values being bound are properly escaped.
For more information, including how to disable this warning, see
http://emberjs.com/deprecations/v1.x/#toc_warning-when-binding-style-
attributes.
[Report Only] Refused to apply inline style because it violates the
following Content Security Policy directive: "style-src 'self'". Either the
'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is
required to enable inline execution.
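I think this is because of

    progressStyle: computed('progressValue', function() {
      var width = this.get('progressValue') || 0;
      return htmlSafe('width: ' + width + '%;');
    })

in the library. I'm new to Ember, and I'm not sure whether the library is secure, or how to use SafeString to remove the deprecation warning (if it is). What should I do?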
This is a CSP issue.
You can disable this warning by editing the config/environment.js file:
Find:

    ENV.contentSecurityPolicy = {

and edit the 'style-src' property to include 'unsafe-inline':

    'style-src': "'self' 'unsafe-inline'",
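An added example, not code from ember-cli-file-picker or from the posts above: htmlSafe() only tells Ember to trust the string it is given, so whether the bound style is safe depends on what gets concatenated into it. The helper name progressWidthStyle and the sample inputs in the comments are assumptions constructed for illustration.

```javascript
// Added example: plain JavaScript, runs in Node without Ember.
// progressWidthStyle is a hypothetical helper, not part of any library.

// Same concatenation as the snippet in the question, minus htmlSafe():
// whatever is in `value` lands verbatim in the style attribute.
function rawProgressStyle(value) {
  var width = value || 0;
  return 'width: ' + width + '%;';
}

// Hardened version: only a finite number in [0, 100] can reach the string.
function progressWidthStyle(value) {
  // Number() yields NaN for any string that is not entirely numeric,
  // so trailing CSS such as "100%; ..." is rejected rather than truncated.
  var n = Number(value);
  if (!Number.isFinite(n)) {
    n = 0;
  }
  // Clamp to the valid percentage range.
  n = Math.min(100, Math.max(0, n));
  // Two decimals at most, so the output is digits plus an optional dot.
  n = Math.round(n * 100) / 100;
  return 'width: ' + n + '%;';
}

// Shape check a caller can run before marking a string as trusted.
function isPlainWidthStyle(style) {
  return /^width: \d+(\.\d+)?%;$/.test(style);
}

// Constructed inputs:
//   progressWidthStyle(42)        -> 'width: 42%;'
//   progressWidthStyle('37.456')  -> 'width: 37.46%;'
//   progressWidthStyle(250)       -> 'width: 100%;'
//   a string carrying extra declarations -> 'width: 0%;'
```

In an Ember component, the return value of progressWidthStyle would be what gets passed to htmlSafe(), as in the computed property quoted in the question.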