Ember 库导致 "Binding Style Attributes" 弃用警告

Ember library causing "Binding Style Attributes" deprecation warning

我正在尝试使用 ember-cli-file-picker 将文件加载到我的应用程序中以便在浏览器中进行处理。它有效但会引发以下弃用错误

WARNING: Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see http://emberjs.com/deprecations/v1.x/#toc_warning-when-binding-style- attributes.

[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

我认为这是因为

progressStyle: computed('progressValue', function() {
  var width = this.get('progressValue') || 0;

  return htmlSafe('width: ' + width + '%;');
})

在图书馆。我是 ember 的新手,我不确定库是否安全,也不确定如何使用 SafeString 消除弃用警告(如果是)。我该怎么办?

这是 CSP 问题。

您可以通过编辑 config/environment.js 文件来禁用此警告:

查找:

ENV.contentSecurityPolicy = {

并编辑 'style-src' 属性以包含 'unsafe-inline'

'style-src': "'self' 'unsafe-inline'",