Use JSON.parse if available
authorJakub Vrana <jakub@vrana.cz>
Tue, 9 Jan 2018 17:16:02 +0000 (18:16 +0100)
committerJakub Vrana <jakub@vrana.cz>
Thu, 11 Jan 2018 17:39:49 +0000 (18:39 +0100)
adminer/include/design.inc.php
adminer/static/functions.js

index 48212fc6381bc3f7b85f26b9df0f01a0c0c97660..b646d0c71b89c924fc29588225fc04c670a7b763 100644 (file)
@@ -91,7 +91,7 @@ function page_headers() {
        header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
        header("X-Content-Type-Options: nosniff");
        header("Referrer-Policy: origin-when-cross-origin");
-       header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
+       header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
        $adminer->headers();
 }
 
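Review bot: `script-src` on the new header line still carries `'unsafe-inline'`, so the policy keeps allowing injected inline script; dropping `'unsafe-eval'` only closes the string-evaluation sinks. A comment above the header would record the constraint this places on the static scripts, e.g. `// no 'unsafe-eval': scripts must not call eval(), new Function() or string-argument timers`. Only one eval call site is visible in this commit, so any others would need checking, because they will now fail in browsers that enforce CSP. Moving the inline scripts to a nonce would be the follow-up that lets `'unsafe-inline'` go as well. page_headers() begins before the hunk.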
index 15341dd12705cfcc33139399e8b43384ea155299..582979c2f96e0cceabfec54fd2387d008a4cfba4 100644 (file)
@@ -565,7 +565,7 @@ function ajax(url, callback, data, message) {
 */
 function ajaxSetHtml(url) {
        return ajax(url, function (request) {
-               var data = eval('(' + request.responseText + ')');
+               var data = window.JSON ? JSON.parse(request.responseText) : eval('(' + request.responseText + ')');
                for (var key in data) {
                        setHtml(key, data[key]);
                }
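Review bot: The `eval` fallback on the added line still executes `request.responseText` as code whenever `window.JSON` is undefined, so the response body is trusted as script in those browsers. On the `JSON.parse` path, a body that is not strict JSON (an HTML error page, for instance) throws a SyntaxError that nothing in the visible callback catches. If browsers without native JSON are no longer a target, the line could become `var data = JSON.parse(request.responseText);` inside a `try`/`catch` that returns early on failure. If the fallback has to stay, a comment such as `// eval only for browsers without native JSON, which presumably predate CSP enforcement` would explain why it coexists with the tightened policy. ajaxSetHtml's body continues past the end of the hunk.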