dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval

The `getOptions` function in 1.16.3 contains the following snippet:
```
			if(lang.isArrayLike(valueOrIdx)){
				return array.map(valueOrIdx, "return this.getOptions(item);", this); // __SelectOption[]
			}
```

By providing a string for the callback value, the array module then attempts to create a Function from the string. This fails when unsafe-eval is not allowed by the content-security-policy and could be rewritten to pass a function instead of a string e.g.
```
return array.map(valueOrIdx, (item) => this.getOptions(item), this); // __SelectOption[]
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval #188

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval #188

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions