`eval` won't work on most sites with CSP enabled.
michelle opened this issue · 1 comments
michelle commented
Unless unsafe-eval is allowed in your content security policy (which is very rare for folks using CSP), this library will break.
See: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives
Note: Both 'unsafe-inline' and 'unsafe-eval' are unsafe and can open your web site up to cross-site scripting vulnerabilities.
anacronw commented
Yes..I suppose it would break if not on CommonJS or using AMD-style require.
The eval trick used to be best practice. I'll look into it