Commit 72e811f

Highlight the whole eval() override
I updated the link to highlight not only the first line but the whole `window.eval()` override.
1 parent eedac77 commit 72e811f

1 file changed

+1
-1
lines changed

docs/tutorial/security.md

Lines changed: 1 addition & 1 deletion
@@ -57,7 +57,7 @@ This is not bulletproof, but at the least, you should attempt the following:
5757
* Do not disable `webSecurity`. Disabling it will disable the same-origin policy.
5858
* Define a [`Content-Security-Policy`](http://www.html5rocks.com/en/tutorials/security/content-security-policy/)
5959
, and use restrictive rules (i.e. `script-src 'self'`)
60-
* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6)
60+
* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8)
6161
, which allows strings to be executed as code.
6262
* Do not set `allowDisplayingInsecureContent` to true.
6363
* Do not set `allowRunningInsecureContent` to true.
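
Review bot: the `eval` bullet on line 60 still keeps the actual mitigation in a third-party repository (`nylas/N1`, `static/index.js#L6-L8`), so a reader of `security.md` cannot see what the override does without leaving the page, and the guidance is lost if that repository is renamed or removed. The link is pinned to a commit SHA, which keeps the `L6-L8` range stable, but consider showing the three-line override directly in the tutorial and keeping the permalink as attribution. In the unchanged context, the `Content-Security-Policy` link on line 58 uses `http://` and line 59 says `i.e.` where `e.g.` is meant; both could be fixed in a follow-up.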
