new Function() is unnecessary and interferes with CSP
mangecoeur opened this issue · 2 comments
mangecoeur commented
trying to use JSDOM, which uses setImmediate, in an Atom package and run into content security policy restrictions which prevent the use of new Function
and eval
. it seems using function(){return this}
would work just as well and avoid this completely
benjamn commented
The difference is that (function(){return this})()
returns null
in strict mode, making it somewhat less reliable, but I hear you about the CSP restrictions.
domenic commented
Feel free to open an issue on jsdom, we don't necessarily have to use setImmediate, I just did that as a quick fix.
eval is completely necessary for setImmediate since setImmediate("a string")
must do eval per spec.