[Enhancement] - Improve JavaScript to remove the need for 'unsafe-eval' in Content-Security-Policy directives.

Question

[Enhancement] - Improve JavaScript to remove the need for 'unsafe-eval' in Content-Security-Policy directives.

Opened this issue 3 months ago · 0 comments

JohnnyQuest1983 commented 3 months ago

Description of the enhancement:
When embedding a Freshworks form onto a website that has a Content Security Policy in place, crayons requires the addition of 'unsafe-eval' to be included in the script-src. I've not delved into code to find the particular culprit, but it would be preferable for it to not require 'unsafe-eval'.

Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: "script-src...." (Missing 'unsafe-eval')
https://cdn.jsdelivr.net/npm/@freshworks/crayons@4.3.0-beta.11/dist/crayons/crayons.esm.js:1:777

Describe the solution you'd like
Refactor crayons' JavaScript to not require 'unsafe-eval' in a Content Security Policy's 'script-src' directive.