I'm trying to use the ember-cli-file-picker to load a file into my app for processing in the browser. It works but raises the following deprecation error
WARNING: Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see http://ift.tt/1PYJXLZ attributes.
[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
I'm thinking that this is because of
progressStyle: computed('progressValue', function() {
var width = this.get('progressValue') || 0;
return htmlSafe('width: ' + width + '%;');
})
in the library. I'm pretty new at ember, and am not positive that the library is safe, nor how to silence the deprecation warning using SafeString if it is. What should I do?
Aucun commentaire:
Enregistrer un commentaire