Skip to content

Published version of netlify-cms using eval()s #4367

New issue
New issue
Closed
Closed
Published version of netlify-cms using eval()s#4367
Labels
area: 3rd party dependenciestype: bugcode to address defects in shipped codetype: securitycode to address security issues
@stramel

Description

@stramel
stramel
opened on Sep 26, 2020

Describe the bug

netlify-cms is utilizing eval() in the published code. Usage of eval() is generally frowned upon. It also doesn't seem like eval() is necessary in the majority of its usages.

I noticed one usage of eval(str) which is also frowned upon. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval#Never_use_eval!

To Reproduce

  1. Go to https://unpkg.com/netlify-cms@2.10.60/dist/netlify-cms.js
  2. Search for eval(

Usages:

  • const utilInspect=eval("require('util').inspect")
  • eval(str)
  • var crypto=eval("require('crypto')"),Buffer=eval("require('buffer').Buffer")

Expected behavior

No eval()s to exist in production code.

Applicable Versions:

  • Netlify CMS version: 2.10.60
  • Git provider: GitHub
  • OS: MacOS X
  • Browser version Chrome 85
  • Node.JS version: 12.13.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: 3rd party dependenciestype: bugcode to address defects in shipped codetype: securitycode to address security issues

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions