Specifically the files viewercontrol.js and underscore.min.js. These files contain the code "eval()" & "new Function()" which trigger an "unsafe eval" CSP error.
We would like to keep our project CSP compliant and not need to pass 'unsafe-eval' to the Content Security Policy in order to resolve this error.
The underscore.min.js "eval()" and "new function" complaints is something we already addressed in the CSP Compliance for Angular epic. We updated the viewer to no longer use underscore.min.js eval.
Those changes went into PrizmDoc Viewer v13.22 released in Dec 2022. See release notes under version 13.22
Please use the latest (v13.22 or later) client and and retest. If there is still an issue, provide Accusoft Support with a small sample or code snippet that we can use to replicate the CSP failures.
Attachments Open full size