Issue: Use of `eval` in lottie.js

[adeoyewole028]

Hello, I noticed that eval is used in the lottie-web library (specifically in node_modules/lottie-web/build/player/lottie.js). This is flagged as a security risk and can cause issues with minification. Are there any plans to replace eval with a safer alternative?

Thanks!

[samuelOsborne]

hello @adeoyewole028 you could switch to the dotlottie player, it doesnt use eval and can render .lottie / .json / .lot files :)

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.

[cgatian]

@samuelOsborne that package has a massive payload increase.

[ashishyash]

hello @adeoyewole028 you could switch to the dotlottie player, it doesnt use eval and can render .lottie / .json / .lot files :)

i used dotlottie-web also and getting
wasm streaming compile failed: CompileError: WebAssembly.instantiateStreaming(): Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-NONCE_PLACEHOLDER'

[GuillaumeMunsch]

Having the same issue

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.