unsafe-eval directive, which allows the use of dynamic code evaluation functions such as eval(). As part of our ongoing efforts to enhance security standards, we're working on removing the dependency on
In the meantime, if your organization's security scanner flags the presence of the
unsafe-inline directive in your Content Security Policy as a workaround.
unsafe-inline directive to your Content Security Policy, especially if:
- your site has a pre-existing Content Security Policy
- you're using web templates and have the Handlebars Gear enabled
- you haven't already included the unsafe-inline directive in your Content Security Policy.
- If you're already using unsafe-eval elsewhere, you don't have to immediately stop using it. However, you must include the unsafe-inline directive in your Content Security Policy. If your Content Security Policy does not currently have unsafe-inline, you should not encounter any issues.
- Salesforce Developers: Managing CORS with the Salesforce Interactions SDK Launcher
- Salesforce Developers: Web Template Handlebars
- External Link: MDN Web Docs: