Question T6414
Visible to All Users

CSP compliance

created 4 years ago

Hello,
Our customers are doing security audit on our application, they asked us to be compliant with CSP, and particularly with scripts "eval" and scripts inline features.
Survey JS includes knockout library that is not CSP compliant. They plan to release a CSP compliant library on the 4th version. We need you to integrate this future release as soon as possible.
Could you please let us know when it will be possible and in which release it will be available ?
thanks in advance for your answer,.
Regards,
Leela

Answers approved by surveyjs Support

created 4 years ago

Hello,
Yes, we are looking for new version of knockout, but it is not released yet.
We are working on SurveyJS Creator V2 and we will have SurveyJS Creator with UI written on react. Here is the link on our development. "…-core", "…-knockout" and "…-react" are Creator V2 packages. We are going to release Beta in March/April.

Thank you,
Andrew
SurveyJS Team

    Other Answers

    created 3 years ago

    Hi, Could you reactualize your answer please ?
    Is there a version of knockout CSP compliant ? if not, when will this version be released ?
    Thanks in advance
    Regards,
    Leela

      Comments (1)

        Hello,

        Is there a version of knockout CSP compliant ?

        The knockout version of SurveyJS Creator is not CSP compliant and never will be due to KnockoutJS nature.

        The ReactJS version of SurveyJS Creator (SurveyJS Creator V2 React) is CSP compliant. It's in beta right now and available for testing in our online demos - https://surveyjs.io/Examples/Survey-Creator?id=options&platform=ReactjsV2

        Thanks, Serge
        SurveyJS Team