Firefox still complains about CSP

Question

Firefox still complains about CSP

andrewbrock-sahmri opened this issue 3 years ago · 2 comments

andrewbrock-sahmri commented 3 years ago

#3 appears to have fixed the CSP error in Chrome, but it's still flagging in Firefox (v96.0.1).

Using get-intrinsic v1.1.1

// eslint-disable-next-line consistent-return
var getEvalledConstructor = function (expressionSyntax) {
	try {
		// eslint-disable-next-line no-new-func
		return Function('"use strict"; return (' + expressionSyntax + ').constructor;')(); // <---- Firefox points at this
	} catch (e) {}
};

Error message is:
Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).

Answer 1 · 2022-01-18T02:01:56.000Z

If Firefox is going to warn on never-executed Function usage, then there’s not much i can do about it.

you may want to file a bug for Firefox.

Answer 2 · 2022-01-18T02:07:35.000Z

Thanks, I think I've found a corresponding Firefox bug(s), I'll drop the link here and close the issue
https://bugzilla.mozilla.org/show_bug.cgi?id=1580514
https://bugzilla.mozilla.org/show_bug.cgi?id=1650112