Running synaptic on a website (browser) that restricts 'unsafe-eval' with CSP #345
Description
I'm using synaptic in a third-party product on the client side (basically a our code is being injected to our client's website).
We encountered an issue with a website that uses CSP (Content-Security-Policy) and does not allow 'unsafe-eval'.
Eval includes all method of executing string through javascript code:
- eval('var x = 1');
- new Function('var x = 1');
It seems that the library is using 'new Function' in couple of places.
After further investigation I realized that this code can be refactored to not use 'new Function' but native code.
I can help fixing this issue, I just want to know if there is a "real" reason for using this method rather than an actual code.