SharePoint
Feedback by UserVoice

I suggest you ....

← SharePoint Dev Platform

App catalog Trust prompt for external dependencies too in the SharePoint Framework

It would be great if all the referenced external dependencies (scripts) were listed in the trust prompt in the app catalog,
eventually the same for scripts dynamically loaded through the SPComponentLoader with the external scripts dynamically loaded should be declared.
This would prevent any way of code "injection" without the explicit consent of the app catalog administrator

3 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Yannick Plenevaux shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Yannick Plenevaux commented  ·   ·  Flag as inappropriate

    Just wanted to add: (If we leave aside the SPComponentLoader part), If I am right, all the external references must be added in the config.json file, I think it would be pretty easy to add them in the manifest in .sppkg ?

    At least, that way, even if there will always be workarounds to "inject" external JS, some Development guidelines, governance, etc... would be easier to verify.

    That said, It will always be to app catalog administrators to decide what they trust or not... My suggestion is just a extra help for them to decide

SharePoint Dev Platform: SharePoint Framework

Categories

Feedback and Knowledge Base

(thinking…)


SharePoint Tech Community

UserVoice Terms of Service & Privacy Policy