Final Class: CspExpressionEvaluator

Oracle® JavaScript Extension Toolkit (JET)
16.0.0
F83701-01

Since:
  • 7.1.0
Module:
  • ojcspexpressionevaluator

Description

A class for creating CSP-compliant evaluators of JavaScript expressions

The default JET expression evaluator cannot be used when Content Security Policy prohibits unsafe evaluations. In order to replace the default evaluator with the JET CSP-compliant evaluator, create and pass an instance of CspExpressionEvaluator class to the Config.setExpressionEvaluator() method. This method must be called before applying knockout bindings in the application for the first time.

Any extra context required for evaluating expressions can be passed to the object constructor using globalScope property.


Config.setExpressionEvaluator(new CspExpressionEvaluator());

Expressions supported by the JET CspExpressionEvaluator

  • Identifiers, e.g. [[value]].
  • Members, e.g. [[router.stateId]].
  • Literals, e.g. [['abc']].
  • Function callbacks, e.g. [[getColor('customer', id)]].
  • Unary operators are limited to '-', '+', '~', '!' and '...', e.g. [[-100]].
  • Binary operators, e.g. [[value + '.png']].
  • Logical operators, e.g. [[a && b]] or [[a || b]].
  • Conditional or ternary operators, e.g. [[test ? consequent : alternate]].
  • Optional chaining operators, e.g. [[a?.b]].
  • Array literals, e.g. [a, b, c].
  • Object literals, e.g. [[{'selection_state': selected}]].
  • Functions are limited to a single statement, e.g. [[function(){return 'abc'}]].
  • 'new' operator such as 'new Object()'
  • Regular expressions in the form of explicit RegExp objects such as [[testString.match(new RegExp('abc', 'i'))]]

Expression limitations:

The following code is not supported in expressions:

  • Arrow functions such as '[1, 2, 3].map(item => item + 1)'
  • Assignment operators of any types such as '=' or '+=' or '|='
  • Blocks of code such as 'if (...){}'
  • Comma operator (,) such as '(expr1, expr2)'
  • Exponentiation (**) such as ' 3 ** 4'
  • in operator such as 'prop in testObject'
  • Increment/decrement operators such as 'x++' or 'x--'
  • Inline regular expressions such as 'testString.match(/abc/i)'
  • Instanceof or typeof operators such as 'date instanceof Date'
  • Nullish coalescing operator (??) such as 'value ?? "default value"'
  • Spread operator (...) such as 'sum(...arrayValue)'


Usage

Typescript Import Format
//This class is exported directly as module. To import it
import CspExpressionEvaluator= require("ojs/ojcspexpressionevaluator");

For additional information visit:


Final classes in JET

Classes in JET are generally final and do not support subclassing. At the moment, final is not enforced. However, this will likely change in an upcoming JET release.


Constructor

new CspExpressionEvaluator(options)

Parameters:
Name Type Description
options Object
Properties
Name Type Argument Description
globalScope any <optional>
 optional additional scope required for evaluating expressions. The additional scope will be used to resolve the variables if they are not defined in the $data or $context. 
Config.setExpressionEvaluator(new CspExpressionEvaluator({globalScope:extraScope}));