mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
dc9f2732a1
Adds a new experimental Kibana setting called `csp.disableUnsafeEval` which will default to `false`. When set to `true`, it will remove `unsafe-eval` from our CSP. Also introduces a new module called `@kbn/handlebars` which is a replacement for the official `handlebars` module used in the frontend. This new module is necessary in order to avoid calling `eval`/`new Function` from within `handlebars` which is not allowed once `unsafe-eval` is removed from our CSP. The `@kbn/handlebars` module is simply an extension of the main `handlebars` module which adds a new compile function called `compileAST` (as an alternative to the regular `compile` function). This new function will not use code-generation from strings to compile the template but will instead generate an AST and return a render function with the same API as the function returned by the regular `compile` function. This is a little bit slower method, but since this is only meant to be used client-side, the slowdown should not be an issue. The following limitations exists when using `@kbn/handlebars`: The Inline partials handlebars template feature is not supported. Only the following compile options will be supported: - `knownHelpers` - `knownHelpersOnly` - `strict` - `assumeObjects` - `noEscape` - `data` Only the following runtime options will be supported: - `helpers` - `blockParams` - `data` Closes #36311 |
||
|---|---|---|
| .. | ||
| basic.patch | ||
| blocks.patch | ||
| builtins.patch | ||
| compiler.patch | ||
| data.patch | ||
| helpers.patch | ||
| regressions.patch | ||
| security.patch | ||
| strict.patch | ||
| subexpressions.patch | ||
| utils.patch | ||
| whitespace-control.patch | ||