Bug ID 552476

Bug Tracker
ID 552476

Bug ID 552476: Use of JavaScript's 'eval' function may be prohibited by site's content security policy

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP FPS(all modules)

Known Affected Versions:
11.6.0, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 11.6.1

Opened: Oct 14, 2015

Severity: 3-Major

Symptoms

Websafe JavaScript does not run on sites that prohibit the use of 'eval' by using CSP headers.

Impact

Websafe JavaScript does not run and false positive 'component check' alerts are received in the dashboard.

Conditions

CSP headers present that do not allow 'unsafe-eval'.

Workaround

None.

Fix Information

Websafe JavaScript now runs as expected, so no false positive 'component check' alerts are received in the dashboard.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips