On Tuesday, December 30, 2014 8:35:23 PM UTC+1, Dave S wrote: > > > > On Tuesday, December 30, 2014 7:32:15 AM UTC-8, Niphlod wrote: >> >> I don't get what you're asking for. If you choose to create *your* own >> policy and part of *your* application uses something that *your* own >> policy discards, there's nothing *web2py* can do. >> >> > If it were me, I'd be asking for suggestions that either > > a) modify the policy in a way that maintains security but allows the > calendar.js to work > (this would likely be a suggestion from someone with experience with > security policies) > the policy is a single-line header with no possibility to set "per-file" policies, i.e. allow eval for just calendar.js
> b) suggest a way to remove the dependency on 'eval' > (this would likely be a suggestion from someone with experience swapping > js files under web2py) > > The scaffolding app "adoptes" a calendar widget that is not forced upon anybody (web2py is a python framework to make apps, and the scaffolding app is not a solution for every problem). If "eval" in calendar.js is such a threat that the app (or the coder) can't take, he should evaluate another widget. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
