Dojo

dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval

The getOptions function in 1.16.3 contains the following snippet: return array.map(valueOrIdx, "return this.getOptions(item);", this)

By providing a string for the callback value, the array module then attempts to create a Function from the string. This fails when unsafe-eval is not allowed by the content-security-policy and could be rewritten to pass a function instead of a string return array.map(valueOrIdx, function(item){ return this.getOptions(item)}, this);

I opened a bug report in the dijit github project. I just want to check that that was the correct place to do that type of thing and/or would it help if I made a pull request with the above change?

dijit/form/_FormSelectWidget:getOptions breaks without CSP unsafe-eval · Issue #188 · dojo/dijit · GitHub