Hello,
Our customers are doing security audit on our application, they asked us to be compliant with CSP, and particularly with scripts "eval" and scripts inline features.
Survey JS includes knockout library that is not CSP compliant. They plan to release a CSP compliant library on the 4th version. We need you to integrate this future release as soon as possible.
Could you please let us know when it will be possible and in which release it will be available ?
thanks in advance for your answer,.
Regards,
Leela
CSP compliance
Answers approved by surveyjs Support
Hello,
Yes, we are looking for new version of knockout, but it is not released yet.
We are working on SurveyJS Creator V2 and we will have SurveyJS Creator with UI written on react. Here is the link on our development. "…-core", "…-knockout" and "…-react" are Creator V2 packages. We are going to release Beta in March/April.
Thank you,
Andrew
SurveyJS Team
Other Answers
Hi, Could you reactualize your answer please ?
Is there a version of knockout CSP compliant ? if not, when will this version be released ?
Thanks in advance
Regards,
Leela
Hello,
Is there a version of knockout CSP compliant ?
The knockout version of SurveyJS Creator is not CSP compliant and never will be due to KnockoutJS nature.
The ReactJS version of SurveyJS Creator (SurveyJS Creator V2 React) is CSP compliant. It's in beta right now and available for testing in our online demos - https://surveyjs.io/Examples/Survey-Creator?id=options&platform=ReactjsV2
Thanks, Serge
SurveyJS Team