Diffstat (limited to 'lib/public')
-rw-r--r-- | lib/public/AppFramework/Http/ContentSecurityPolicy.php | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index 3445e8f8802..02a52c6c49d 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -44,12 +44,8 @@ namespace OCP\AppFramework\Http;
 class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
 /** @var bool Whether inline JS snippets are allowed */
 protected $inlineScriptAllowed = false;
- /**
- * @var bool Whether eval in JS scripts is allowed
- * TODO: Disallow per default
- * @link https://github.com/owncloud/core/issues/11925
- */
- protected $evalScriptAllowed = true;
+ /** @var bool Whether eval in JS scripts is allowed */
+ protected $evalScriptAllowed = false;
 /** @var array Domains from which scripts can get loaded */
 protected $allowedScriptDomains = [
 '\'self\'', |
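Review bot: The new `false` default on `$evalScriptAllowed` changes behaviour for every app that instantiates this public class and still depends on `eval()` or `new Function()`, and the one-line docblock gives those callers nothing to go on. Because the failure only surfaces as a CSP violation in the browser, I would state the contract on the property itself, e.g. `/** @var bool Whether eval in JS scripts is allowed; disabled by default, callers must opt in explicitly per response */`. It is also worth confirming that a test pins the header emitted for a default policy so that `script-src` does not contain `'unsafe-eval'`; no such test is visible in this hunk. The class body continues outside the hunk.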