Bug ID 719198: Disable eval execution in websafe's code

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP FPS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1

Fixed In:
14.1.0

Opened: May 09, 2018
Severity: 4-Minor

Symptoms

In Pages where CSP is enabled and as a result eval is execution is blocked, there's an option to disable its execution in websafe's javascript.

Impact

There's a javascript error, "Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src"). Source: call to eval() or related function blocked by CSP."

Conditions

Pages where CSP enabled and in particular eval is not allowed.

Workaround

N/A

Fix Information

A new option via the "Before Load Function" to disable eval in websafe's javascript.

Behavior Change