-dev-b2g (bcc'd), +dev-webapps What's the specific warning message given? I am pretty sure the static analysis is at fault here. The |setLastScroll| in |setTimeout( setLastScroll, 100 );| could be a string (which effectively means |eval()|) or a function. However I am pretty sure jQuery UI point that to a function.
We should workaround the limitation of this kind of false positive either by manual review or hash checking of libraries, if possible. On Fri, Aug 23, 2013 at 6:10 PM, Gmail <jeenaparad...@gmail.com> wrote: > Hi, > > I wrote a app for Firefox OS with help of jQuery mobile, it is a > TinyTinyRSS reader which needs to be a privileged app because it needs > to talk to the users own server to get data from and send data to. > > Everything works great and it was really easy to develop but when I > tried to send it to the marketplace I saw a ton of warnings about that > my code violates the Content Security Policy. I had a look where and the > jQuery and jQuery mobile code is littered with calls like this: > > setTimeout( setLastScroll, 100 ); > > I understand that it is like using plain eval() and that it is good that > this is not allowed on my phone. > > So my question is: Do you know any mobile library which I could use to > write my privileged application for Firefox OS without writing all the > list views-, navigation-, transitions code myself manually? > > /Jeena > _______________________________________________ > dev-b2g mailing list > dev-b2g@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-b2g -- Tim Guan-tin Chien, Engineering Manager and Front-end Lead, Firefox OS, Mozilla Corp. (Taiwan) _______________________________________________ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
