Bug ID 552476: Use of JavaScript's 'eval' function may be prohibited by site's content security policy

Last Modified: Oct 10, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0, 11.6.1

Opened: Oct 14, 2015
Severity: 3-Major

Symptoms

Websafe JavaScript does not run on sites that prohibit the use of 'eval' by using CSP headers.

Impact

Websafe JavaScript does not run and false positive 'component check' alerts are received in the dashboard.

Conditions

CSP headers present that do not allow 'unsafe-eval'.

Workaround

None.

Fix Information

Websafe JavaScript now runs as expected, so no false positive 'component check' alerts are received in the dashboard.

Behavior Change