Bug ID 552476: Use of JavaScript's 'eval' function may be prohibited by site's content security policy

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0, 11.6.1

Opened: Oct 14, 2015

Severity: 3-Major

Symptoms

Websafe JavaScript does not run on sites that prohibit the use of 'eval' by using CSP headers.

Impact

Websafe JavaScript does not run and false positive 'component check' alerts are received in the dashboard.

Conditions

CSP headers present that do not allow 'unsafe-eval'.

Workaround

None.

Fix Information

Websafe JavaScript now runs as expected, so no false positive 'component check' alerts are received in the dashboard.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips