Class: CspExpressionEvaluator

Oracle® JavaScript Extension Toolkit (JET)
7.1.0

F18183-01


CspExpressionEvaluator

Version:
  • 7.1.0
Since:
  • 7.1.0
Module:
  • ojcspexpressionevaluator

Module usage

See JET Module Loading for an overview of module usage within JET.

Javascript Import Format
define(['ojs/ojcspexpressionevaluator'], function(CspExpressionEvaluator) {
 // Application should call API on CspExpressionEvaluator 
})
Typescript Import Format
//This class is exported directly as module. To import it
import CspExpressionEvaluator= require("ojs/ojcspexpressionevaluator");

JET In Typescript

A detailed description of working with JET elements and classes in your typescript project can be found at: JET Typescript Usage.

Description

A class for creating CSP-compliant evaluators of JavaScript expressions

The default JET expression evaluator cannot be used when Content Security Policy prohibits unsafe evaluations. In order to replace the default evaluator with the JET CSP-compliant evaluator, create and pass an instance of CspExpressionEvaluator class to the Config.setExpressionEvaluator() method. This method must be called before applying knockout bindings in the application for the first time.

Any extra context required for evaluating expressions can be passed to the object constructor using globalScope property.


Config.setExpressionEvaluator(new CspExpressionEvaluator());

Expressions supported by the JET CspExpressionEvaluator

  • Identifiers, e.g. [[value]].
  • Members, e.g. [[router.stateId]].
  • Literals, e.g. [['abc']].
  • Function callbacks, e.g. [[getColor('customer', id)]].
  • Unary operators are limited to '-', '+', '~', '!', e.g. [[-100]].
  • Binary operators, e.g. [[value + '.png']].
  • Logical operators, e.g. [[a && b]] or [[a || b]].
  • Conditional or ternary operators, e.g. [[test ? consequent : alternate]].
  • Array literals, e.g. [a, b, c].
  • Object literals, e.g. [[{'selection_state': selected}]].
  • Functions are limited to a single statement, e.g. [[function(){return 'abc'}]].
  • 'new' operator such as 'new Object()'

Expression limitations:

The following code is not supported in expressions:

  • JavaScript operations such as 'var a=b;'
  • Blocks of code such as 'if (...){}'
  • Increment/decrement operators such as 'x++' or 'x--'
  • Assignment operators such as '='

Constructor

new CspExpressionEvaluator(options)

Parameters:
Name Type Description
options Object
Properties
Name Type Argument Description
globalScope any <optional>
optional additional scope required for evaluating expressions. The additional scope will be used to resolve the variables if they are not defined in the $data or $context.
Config.setExpressionEvaluator(new CspExpressionEvaluator({globalScope:extraScope}));